Conferences >2021 International Conference...

Reducing Software Vulnerabilities Using Machine Learning Static Application Security Testing

Download PDF
Download References
Request Permissions
Save to
Alerts

Abstract:

Manual code reviews have been used for as long as software development has existed. As modern software development practices continue to evolve so does the security testi...Show More

Metadata

Abstract:

Manual code reviews have been used for as long as software development has existed. As modern software development practices continue to evolve so does the security testing of code. Static Application Security Testing (SAST) can play a significant role in helping developers identify defects in their code during the secure software development lifecycle. SAST tools have become more automated, support more languages, rely less on the developer’s knowledge, and are being considered by some to be an integral part of the industry’s collective best practices. Machine Learning and artificial intelligence are becoming integrated into these tools to detect vulnerabilities faster and with better accuracy. This paper compares manual code review, traditional SAST tools, and SAST tools with machine learning and artificial intelligence integrated to provide a starting point for organizations to choose the most appropriate code analysis technique for identifying potential vulnerabilities in their software.

Published in: 2021 International Conference on Software Security and Assurance (ICSSA)

Date of Conference: 10-12 November 2021

Date Added to IEEE Xplore: 15 January 2025

ISBN Information:

DOI: 10.1109/ICSSA53632.2021.00016

Conference Location: Altoona, PA, USA

Contents

I. Introduction

According to Statista, the average cost of a data breach in the United States has risen in recent years, from 8.64 million in 2021 [1]. According to a Tripwire study, the most prevalent data breach hacking vector is "vulnerability exploitation." When organizations are targeted, 27% are the result of unpatched vulnerabilities [2]. Based on the average cost per data breach and the substantial percentage of them caused by a lack of vulnerability management, software engineers must do more to eliminate code defects prior to releasing their software for deployment to production environments. The code review process is one part of the software development lifecycle (SLDC) where code defects can be effectively identified before deployment. Code reviews can be performed by some combination of developers manually reviewing code and using static application security testing (SAST). Additionally, machine learning (ML) and artificial intelligence (AI) can be incorporated into SAST tools to reduce the time it takes and improve the accuracy and effectiveness of locating code defects.

References is not available for this document.

Reducing Software Vulnerabilities Using Machine Learning Static Application Security Testing

Abstract:

Metadata

Abstract:

I. Introduction

References

IEEE Account

Purchase Details

Profile Information

Need Help?

Reducing Software Vulnerabilities Using Machine Learning Static Application Security Testing

Alerts

Abstract:

Metadata

Abstract:

I. Introduction

References