Authors : Joonseon Ahn, Seungcheol Shin, Hyung Joon Lim and Young Sub Lee
Abstract: We present a static vulnerability analyzer with on-the-fly and visualization features and an empirical experiment to demonstrate its usefulness. The analyzer can find security vulnerabilities or weaknesses in program source code under development in an on-the-fly style. Also, the analyzer shows program properties related to the vulnerabilities in visualized forms which can be very helpful for testers to identify false-positives and remediate the vulnerabilities. We conducted an empirical experiment where eleven testers inspect 150 sample programs. The experiment result shows the usefulness of the on-the-fly analysis and visualization compared with manual inspection and server-based vulnerability analyzer.
Joonseon Ahn, Seungcheol Shin, Hyung Joon Lim and Young Sub Lee, 2017. Usefulness of On-The-Fly and Visualization Features in Static Vulnerability Analysis. Journal of Engineering and Applied Sciences, 12: 7723-7730.