Please use this identifier to cite or link to this item:
http://hdl.handle.net/10609/149610
| Title: | Metodología de benchmark de herramientas SAST |
| Author: | de Vega Martín, Miguel E. |
| Tutor: | del Canto Rodrigo, Pau |
| Others: | Garcia-Font, Victor  |
| Abstract: | Evaluating tools for security testing in applications is essential when companies consider investing time and effort in establishing security processes within the SDLC. For this reason, it's crucial to determine the best ways to conduct a thorough study and comparison, aiming to measure and contrast as objectively as possible. For organizations, it is paramount that these tools are effective in detecting vulnerabilities, produce few false positives, offer interoperability with vulnerability management systems, and provide high-quality reports in terms of detection and mitigation recommendations. The aim of this Master's thesis is to establish a testing methodology based on existing ones, expanding it when necessary with relevant comparison parameters for organizations. Additionally, as a secondary objective, a proof of concept will be carried out to obtain metrics on accuracy, false positives, and false negatives, developing a system that contrasts the tool's outcome with the expected results, aligning both in a standardized format such as SARIF. |
| Keywords: | SAST DAST Benchmark |
| Document type: | info:eu-repo/semantics/masterThesis |
| Issue Date: | Jan-2024 |
| Publication license: | http://creativecommons.org/licenses/by-nc-nd/3.0/es/  |
| Appears in Collections: | Trabajos finales de carrera, trabajos de investigación, etc. |
Files in This Item:
| File | Description | Size | Format | |
|---|---|---|---|---|
| mdevegamTFM0124memoria.pdf | Memoria del TFM | 2,49 MB | Adobe PDF |  View/Open |
Share:
Google Scholar
Microsoft Academic
This item is licensed under aCreative Commons License
