Reducing Software Vulnerabilities Using Machine Learning Static Application Security Testing

Ryan Santos; Syed Rizvi; Bradley Cesarone; William Gunn; Erin McConnell

doi:10.1109/ICSSA53632.2021.00016

Reducing Software Vulnerabilities Using Machine Learning Static Application Security Testing

Ryan Santos, Syed Rizvi, Bradley Cesarone, William Gunn, Erin McConnell

Division of Business, Engineering, and Information Sciences & Technology (Altoona)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Manual code reviews have been used for as long as software development has existed. As modern software development practices continue to evolve so does the security testing of code. Static Application Security Testing (SAST) can play a significant role in helping developers identify defects in their code during the secure software development lifecycle. SAST tools have become more automated, support more languages, rely less on the developer’s knowledge, and are being considered by some to be an integral part of the industry’s collective best practices. Machine Learning and artificial intelligence are becoming integrated into these tools to detect vulnerabilities faster and with better accuracy. This paper compares manual code review, traditional SAST tools, and SAST tools with machine learning and artificial intelligence integrated to provide a starting point for organizations to choose the most appropriate code analysis technique for identifying potential vulnerabilities in their software.

Original language	English (US)
Title of host publication	Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	43-46
Number of pages	4
ISBN (Electronic)	9781665478915
DOIs	https://doi.org/10.1109/ICSSA53632.2021.00016
State	Published - 2021
Event	7th International Conference on Software Security and Assurance, ICSSA 2021 - Altoona, United States Duration: Nov 10 2021 → Nov 11 2021

Publication series

Name	Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021

Conference

Conference	7th International Conference on Software Security and Assurance, ICSSA 2021
Country/Territory	United States
City	Altoona
Period	11/10/21 → 11/11/21

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Software
Safety, Risk, Reliability and Quality

Access to Document

10.1109/ICSSA53632.2021.00016

Cite this

Santos, R., Rizvi, S., Cesarone, B., Gunn, W., & McConnell, E. (2021). Reducing Software Vulnerabilities Using Machine Learning Static Application Security Testing. In Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021 (pp. 43-46). (Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICSSA53632.2021.00016

Santos, Ryan ; Rizvi, Syed ; Cesarone, Bradley et al. / Reducing Software Vulnerabilities Using Machine Learning Static Application Security Testing. Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021. Institute of Electrical and Electronics Engineers Inc., 2021. pp. 43-46 (Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021).

@inproceedings{2867024977c5455bbd4d759548e2968b,

title = "Reducing Software Vulnerabilities Using Machine Learning Static Application Security Testing",

abstract = "Manual code reviews have been used for as long as software development has existed. As modern software development practices continue to evolve so does the security testing of code. Static Application Security Testing (SAST) can play a significant role in helping developers identify defects in their code during the secure software development lifecycle. SAST tools have become more automated, support more languages, rely less on the developer{\textquoteright}s knowledge, and are being considered by some to be an integral part of the industry{\textquoteright}s collective best practices. Machine Learning and artificial intelligence are becoming integrated into these tools to detect vulnerabilities faster and with better accuracy. This paper compares manual code review, traditional SAST tools, and SAST tools with machine learning and artificial intelligence integrated to provide a starting point for organizations to choose the most appropriate code analysis technique for identifying potential vulnerabilities in their software.",

author = "Ryan Santos and Syed Rizvi and Bradley Cesarone and William Gunn and Erin McConnell",

note = "Publisher Copyright: {\textcopyright}2021 IEEE.; 7th International Conference on Software Security and Assurance, ICSSA 2021 ; Conference date: 10-11-2021 Through 11-11-2021",

year = "2021",

doi = "10.1109/ICSSA53632.2021.00016",

language = "English (US)",

series = "Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "43--46",

booktitle = "Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021",

address = "United States",

}

Santos, R, Rizvi, S, Cesarone, B, Gunn, W & McConnell, E 2021, Reducing Software Vulnerabilities Using Machine Learning Static Application Security Testing. in Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021. Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021, Institute of Electrical and Electronics Engineers Inc., pp. 43-46, 7th International Conference on Software Security and Assurance, ICSSA 2021, Altoona, United States, 11/10/21. https://doi.org/10.1109/ICSSA53632.2021.00016

Reducing Software Vulnerabilities Using Machine Learning Static Application Security Testing. / Santos, Ryan; Rizvi, Syed; Cesarone, Bradley et al.
Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021. Institute of Electrical and Electronics Engineers Inc., 2021. p. 43-46 (Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Reducing Software Vulnerabilities Using Machine Learning Static Application Security Testing

AU - Santos, Ryan

AU - Rizvi, Syed

AU - Cesarone, Bradley

AU - Gunn, William

AU - McConnell, Erin

PY - 2021

Y1 - 2021

N2 - Manual code reviews have been used for as long as software development has existed. As modern software development practices continue to evolve so does the security testing of code. Static Application Security Testing (SAST) can play a significant role in helping developers identify defects in their code during the secure software development lifecycle. SAST tools have become more automated, support more languages, rely less on the developer’s knowledge, and are being considered by some to be an integral part of the industry’s collective best practices. Machine Learning and artificial intelligence are becoming integrated into these tools to detect vulnerabilities faster and with better accuracy. This paper compares manual code review, traditional SAST tools, and SAST tools with machine learning and artificial intelligence integrated to provide a starting point for organizations to choose the most appropriate code analysis technique for identifying potential vulnerabilities in their software.

AB - Manual code reviews have been used for as long as software development has existed. As modern software development practices continue to evolve so does the security testing of code. Static Application Security Testing (SAST) can play a significant role in helping developers identify defects in their code during the secure software development lifecycle. SAST tools have become more automated, support more languages, rely less on the developer’s knowledge, and are being considered by some to be an integral part of the industry’s collective best practices. Machine Learning and artificial intelligence are becoming integrated into these tools to detect vulnerabilities faster and with better accuracy. This paper compares manual code review, traditional SAST tools, and SAST tools with machine learning and artificial intelligence integrated to provide a starting point for organizations to choose the most appropriate code analysis technique for identifying potential vulnerabilities in their software.

UR - http://www.scopus.com/inward/record.url?scp=85217283307&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85217283307&partnerID=8YFLogxK

U2 - 10.1109/ICSSA53632.2021.00016

DO - 10.1109/ICSSA53632.2021.00016

M3 - Conference contribution

AN - SCOPUS:85217283307

T3 - Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021

SP - 43

EP - 46

BT - Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 7th International Conference on Software Security and Assurance, ICSSA 2021

Y2 - 10 November 2021 through 11 November 2021

ER -

Santos R, Rizvi S, Cesarone B, Gunn W, McConnell E. Reducing Software Vulnerabilities Using Machine Learning Static Application Security Testing. In Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021. Institute of Electrical and Electronics Engineers Inc. 2021. p. 43-46. (Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021). doi: 10.1109/ICSSA53632.2021.00016

Reducing Software Vulnerabilities Using Machine Learning Static Application Security Testing

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this