Spring Framework Benchmarking Utility for Static Application Security Testing (SAST) Tools

Bibliographic Details
Main author: Elizaveta Kuzmina (22049810) (author)
Other authors: Shahbaz Pervez Chattha (23718897) (author), Seyed Ebrahim Hosseini (17222170) (author), Muazma Shahbaz (22049816) (author), Adnan Akhunzada (20151648) (author)
Published: 2025
Description
Summary: Software developers face several challenges when creating or maintaining applications; security assurance is one of them. To minimise the occurrence of vulnerabilities, developers utilize various solutions, including static application security testing (SAST) tools. These tools use different analysis techniques to detect application flaws and support various programming languages, frameworks and third-party libraries. It is important to understand their capabilities. To the authors' knowledge, researchers have not yet addressed the gap in the benchmarking of SAST tools used with Spring framework. Therefore, this research proposes a benchmarking utility that is designed to assess the performance of Spring framework SAST tools. The study is based on action research and consists of several parts: the analysis of existing Spring framework vulnerabilities, the collection and enhancement of benchmarking strategies from similar tools and the development of the utility using the collected data. The study findings are of interest to SAST providers as they would be able to use the benchmark for the evaluation of the detection capabilities of their SAST solution in Spring environment. Moreover, the utility could be used to provide benchmark for future research to compare other SAST tools. Overall, the research contributes to the IT, cyber security and related research fields.

Other Information
Published in: IEEE Internet of Things Journal
License: https://creativecommons.org/licenses/by/4.0/
See article on publisher's website: https://dx.doi.org/10.1109/jiot.2025.3598235