Static analysis versus penetration testing: a controlled experiment

Publication Type
Conference Paper
Date Issued
2013-11
Language
English
Author(s)
Scandariato, Riccardo  
Walden, James  
Joosen, Wouter  
TORE-URI
http://hdl.handle.net/11420/14952
Start Page
451
End Page
460
Article Number
6698898
Citation
2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013: 6698898, 451-460 (2013-12-01)
Contribution to Conference
24th IEEE International Symposium on Software Reliability Engineering, ISSRE 2013  
Publisher DOI
10.1109/ISSRE.2013.6698898
Scopus ID
2-s2.0-84893323688
Publisher
IEEE
Suppose you have to assemble a security team that is tasked with performing the security analysis of your organization's latest applications. After researching how to assess your applications, you find that the most popular techniques (also offered by most security consultancies) are automated static analysis and black-box penetration testing. Under time and budget constraints, which technique would you use first? This paper compares these two techniques by means of an exploratory controlled experiment, in which 9 participants analyzed the security of two open source blogging applications. Despite its relatively small size, this study shows that static analysis finds more vulnerabilities, and in a shorter time, than penetration testing.
DDC Class
004: Computer Science
TUHH