Vulnerabilities Mapping based on OWASP-SANS: A Survey for Static Application Security Testing (SAST)

Annals of Emerging Technologies in Computing (AETiC), Print ISSN: 2516-0281, Online ISSN: 2516-029X, pp. 1-8, Vol. 4, No. 3, 1st July 2020

DOI: 10.33166/AETiC.2020.03.001

8 Pages Posted: 3 May 2020

See all articles by Jinfeng LI

Jinfeng LI

Department of Electrical and Electronic Engineering, Imperial College London

Date Written: 2020

Abstract

The delivery of a framework in place for secure application development is of real value for application development teams to integrate security into their development life cycle, especially when a mobile or web application moves past the scanning stage and focuses increasingly on the remediation or mitigation phase based on static application security testing (SAST). For the first time, to the author’s knowledge, the industry-standard Open Web Application Security Project (OWASP) top 10 vulnerabilities and CWE/SANS top 25 most dangerous software errors are synced up in a matrix with Checkmarx vulnerability queries, producing an application security framework that helps development teams review and address code vulnerabilities, minimize false positives discovered in static scans and penetration tests, targeting an increased accuracy of the findings. A case study is conducted for vulnerabilities scanning of a proof-of-concept mobile malware detection app. Mapping the OWASP/SANS with Checkmarx vulnerabilities queries, flaws and vulnerabilities are demonstrated to be mitigated with improved efficiency.

Keywords: Application Security, Checkmarx, Malware Detection, OWASP Top 10, SANS Top 25, Static Application Security Testing, Vulnerability Mapping

Suggested Citation

LI, Jinfeng, Vulnerabilities Mapping based on OWASP-SANS: A Survey for Static Application Security Testing (SAST) (2020). Annals of Emerging Technologies in Computing (AETiC), Print ISSN: 2516-0281, Online ISSN: 2516-029X, pp. 1-8, Vol. 4, No. 3, 1st July 2020, DOI: 10.33166/AETiC.2020.03.001, Available at SSRN: https://ssrn.com/abstract=3570446

Jinfeng LI (Contact Author)

Department of Electrical and Electronic Engineering, Imperial College London ( email )

South Kensington Campus
Exhibition Road
London, Greater London SW7 2AZ
United Kingdom

HOME PAGE: http://www.imperial.ac.uk/people/jinfeng.li

Do you want regular updates from SSRN on Twitter?

Paper statistics

Downloads
1,253
Abstract Views
3,028
rank
22,578
PlumX Metrics