Myths and Facts About Static Application Security Testing Tools: An Action Research at Telenor Digital

机译：关于静态应用安全测试工具的神话和事实：Telenor Digital的动作研究

获取原文

获取外文期刊封面目录资料

页面导航

摘要
著录项
引文网络
相似文献
相关主题

摘要

It is claimed that integrating agile and security in practice is challenging. There is the notion that security is a heavy process, requires expertise, and consumes developers' time. These contrast with the agile vision. Regardless of these challenges, it is important for organizations to address security within their agile processes since critical assets must be protected against attacks. One way is to integrate tools that could help to identify security weaknesses during implementation and suggest methods to refactor them. We used quantitative and qualitative approaches to investigate the efficiency of the tools and what they mean to the actual users (i.e. developers) at Telenor Digital. Our findings, although not surprising, show that several barriers exist both in terms of tool's performance and developers' perceptions. We suggest practical ways for improvement.

机译：据称，在实践中整合敏捷和安全性是具有挑战性的。存在安全性是一个沉重的过程，需要专业知识，消耗开发人员的时间。这些与敏捷视觉形成鲜明对比。无论这些挑战如何，对于组织来解决其敏捷过程中的安全性，因为必须保护攻击攻击。一种方法是集成有助于在实施期间识别安全弱点的工具，并建议重构它们的方法。我们使用定量和定性方法来调查工具的效率以及它们对Telenor Digital的实际用户（即开发人员）的效率。我们的研究结果虽然不令人惊讶，但表明在工具的表现和开发人员的看法方面都存在几种障碍。我们建议改进的实用方式。

著录项

来源
《International conference on agile processes in software engineering and extreme programming》|2018年|xv 308 p.|共18页
会议地点
作者
Tosin Daniel Oyetoyan; Bisera Milosheska; Mari Grini; Daniela Soares Cruzes;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类计算技术、计算机技术;
关键词
Security defects; Agile; Static analysis Static application security testing; Software security;

机译：安全缺陷;敏捷;静态分析静态应用安全测试;软件安全;

相似文献

外文文献
中文文献
专利

1. An empirical study of security warnings from static application security testing tools [J] . Aloraini Bushra, Nagappan Meiyappan, German Daniel M., The Journal of Systems and Software . 2019,第Deca期

机译：来自静态应用程序安全性测试工具的安全性警告的实证研究
2. Static application security testing tools [J] . Lindsay Brooke Automotive engineering . 2017,第4期

机译：静态应用安全测试工具
3. Static analysis of source code security: Assessment of tools against SAMATE tests [J] . Gabriel Diaz, Juan Ramon Bermejo Information and software technology . 2013,第8期

机译：静态分析源代码安全性：评估针对SAMATE测试的工具
4. Myths and Facts About Static Application Security Testing Tools: An Action Research at Telenor Digital [C] . Tosin Daniel Oyetoyan, Bisera Milosheska, Mari Grini, Agile processes in software engineering and extreme programming . 2018

机译：静态应用程序安全测试工具的神话与事实：Telenor Digital的一项行动研究
5. Fast static test compaction and its application to test generation for synchronous sequential circuits. [D] . Guo, Ruifeng. 2000

机译：快速静态测试压缩及其在同步时序电路的测试生成中的应用。
6. On the Myths of Indicator Species: Issues and Further Consideration in the Use of Static Concepts for Ecological Applications [O] . Michael L. Zettler, C. Edward Proffitt, Alexander Darr, -1

机译：指标物种神话：静态概念在生态学应用中的问题和进一步考虑
7. On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications [O] . Francesc Mateo Tudela, Juan-Ramón Bermejo Higuera, Javier Bermejo Higuera, 2020

机译：组合静态，动态和交互式分析安全测试工具在Web应用程序中提高OWASP十大安全漏洞检测
8. APPLICATION OF APPLIED LOAD RATIO STATIC TEST SIMULATION TECHNIQUES TO FULL-SCALE STRUCTURES;VOL. I, METHODS OF ANALYSIS AND DIGITAL COMPUTER PROGRAMS [R] . R. W. Gehring 1965

机译：应用荷载比静态试验模拟技术在全尺寸结构中的应用。 I，分析方法和数字计算机程序

Myths and Facts About Static Application Security Testing Tools: An Action Research at Telenor Digital

摘要

著录项

引文网络

相似文献

相关主题

期刊订阅