Reducing Software Vulnerabilities Using Machine Learning Static Application Security Testing


Abstract:

Manual code reviews have been used for as long as software development has existed. As modern software development practices continue to evolve, so does the security testing of code. Static Application Security Testing (SAST) can play a significant role in helping developers identify defects in their code during the secure software development lifecycle. SAST tools have become more automated, support more languages, rely less on the developer's knowledge, and are considered by some to be an integral part of the industry's collective best practices. Machine learning and artificial intelligence are being integrated into these tools to detect vulnerabilities faster and more accurately. This paper compares manual code review, traditional SAST tools, and SAST tools with machine learning and artificial intelligence integrated, to provide a starting point for organizations choosing the most appropriate code analysis technique for identifying potential vulnerabilities in their software.
Date of Conference: 10-12 November 2021
Date Added to IEEE Xplore: 15 January 2025
Conference Location: Altoona, PA, USA

I. Introduction

According to Statista, the average cost of a data breach in the United States has risen in recent years, from $8.64 million in 2021 [1]. According to a Tripwire study, the most prevalent hacking vector in data breaches is "vulnerability exploitation": when organizations are targeted, 27% of breaches result from unpatched vulnerabilities [2]. Given the average cost per breach and the substantial share of breaches caused by a lack of vulnerability management, software engineers must do more to eliminate code defects before releasing software to production environments. The code review process is one part of the software development lifecycle (SDLC) where code defects can be identified effectively before deployment. Code reviews can be performed by some combination of developers manually reviewing code and static application security testing (SAST) tools. Additionally, machine learning (ML) and artificial intelligence (AI) can be incorporated into SAST tools to reduce the time required to locate code defects and to improve the accuracy and effectiveness of doing so.

