Why Is Static Application Security Testing Hard to Learn?

Cited by: 0

Authors
Krishnan, Padmanabhan [1 ]
Cifuentes, Cristina [2 ]
Li, Li [3 ]
Bissyande, Tegawende F. [4 ]
Klein, Jacques [5 ]
Affiliations
[1] Oracle Labs, Res, Brisbane, Qld 400, Australia
[2] Oracle Labs, Software Assurance, Brisbane, Qld 400, Australia
[3] Beihang Univ, Sch Software, Beijing 100191, Peoples R China
[4] Univ Luxembourg, L-1359 Luxembourg, Luxembourg
[5] Univ Luxembourg, Interdisciplinary Ctr Secur Reliabil & Trust, Software Engn & Software Secur, L-1359 Luxembourg, Luxembourg
Keywords
Privacy; Machine learning; Application security; Security; Testing
DOI
10.1109/MSEC.2023.3287206
Chinese Library Classification (CLC)
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
In this article, we summarize our experience in combining program analysis with machine learning (ML) to develop a technique that can improve the development of specific program analyses. Our experience is negative. We describe the areas that need to be addressed if ML techniques are to be useful in the program analysis context. Most of the issues we report differ from those discussed in the state-of-the-art literature on using ML techniques to detect security vulnerabilities.
Pages: 68 / 72
Page count: 5