all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Do I really need all this work to find vulnerabilities? An empirical case study comparing vulnerability detection techniques on a Java application. (arXiv:2208.01595v1 [cs.SE])

Add to bookmarks
Aug. 3, 2022, 1:20 a.m. | Sarah Elder, Nusrat Zahan, Rui Shu, Monica Metro, Valeri Kozarev, Tim Menzies, Laurie Williams

cs.CR updates on arXiv.org arxiv.org

CONTEXT: Applying vulnerability detection techniques is one of many tasks
using the limited resources of a software project.


OBJECTIVE: The goal of this research is to assist managers and other
decision-makers in making informed choices about the use of software
vulnerability detection techniques through an empirical study of the efficiency
and effectiveness of four techniques on a Java-based web application.


METHOD: We apply four different categories of vulnerability detection
techniques \textendash~ systematic manual penetration testing (SMPT),
exploratory manual penetration testing …

application case detection find java se study vulnerabilities vulnerability vulnerability detection work

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

IDEA: Invariant Defense for Graph Adversarial Robustness 23 hours ago | arxiv.org
adversarial arxiv cs.cr cs.lg +4
BELT: Old-School Backdoor Attacks can Evade the State-of-the-Art Defense with Backdoor Exclusivity Lifting 23 hours ago | arxiv.org
art arxiv attackers attacks +19
ZTD$_{JAVA}$: Mitigating Software Supply Chain Vulnerabilities via Zero-Trust Dependencies 23 hours ago | arxiv.org
accelerate application application development arxiv +26
A Generative Framework for Low-Cost Result Validation of Machine Learning-as-a-Service Inference 23 hours ago | arxiv.org
applications arxiv as-a-service cost +23
PA-Boot: A Formally Verified Authentication Protocol for Multiprocessor Secure Boot 23 hours ago | arxiv.org
arxiv attack attacks attack surface +18
FairCMS: Cloud Media Sharing with Fair Copyright Protection 23 hours ago | arxiv.org
arxiv cloud cloud platform copyright +16
Efficient unitary designs and pseudorandom unitaries from permutations 23 hours ago | arxiv.org
algorithm arxiv construction cs.cr +9
Efficient and Near-Optimal Noise Generation for Streaming Differential Privacy 23 hours ago | arxiv.org
arxiv cs.cc cs.cr cs.ds +11
Privacy-Preserving Statistical Data Generation: Application to Sepsis Detection 23 hours ago | arxiv.org
application artificial artificial intelligence arxiv +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Engineer 2

@ Oracle | BENGALURU, KARNATAKA, India
View on infosec-jobs.com

Oracle EBS DevSecOps Developer

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com

Information Security GRC Specialist - Risk Program Lead

@ Western Digital | Irvine, CA, United States
View on infosec-jobs.com

Senior Cyber Operations Planner (15.09)

@ OCT Consulting, LLC | Washington, District of Columbia, United States
View on infosec-jobs.com

AI Cybersecurity Architect

@ FactSet | India, Hyderabad, DVS, SEZ-1 – Orion B4; FL 7,8,9,11 (Hyderabad - Divyasree 3)
View on infosec-jobs.com
View more jobs