In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Eighth International Network Conference (INC 2010)
Title: The Effect of Pre-written Scripts on the Use of Simple Software Security Analysis Tools
Author(s): Matti Mantere, Kaarina Karppinen, Mika Rautila
Keywords: Security, usability, light-weight tools
Abstract: In this paper we study the effect of integrating lightweight, open source, static code security analysis tools using Ruby and shell scripts. Particular emphasis is placed on the effect of tool usability by this approach. By scripts simple analysis methods could be created so that used tools themselves were able to remain completely hidden from the end user. Scripts were used for automatically fetching the relevant source packages, patching them to the right versions and running different analysis tools on the target. Analysis cycle was fully automated and produced rough results of the nature of flaws present in the source material. The overall user experience and ease-of-use of the tools were improved considerably with the pre-defined scripts. This improvement was distinct especially on the analysis phase. With the scripts it was easy to have a cursory estimation of a general risk-level of the target application. This estimation could later be used for deciding further security analysis priorities or other things, dependent of the tools and heuristics used.
Download count: 1325
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.