Spring Framework Benchmarking Utility for Static Application Security Testing (SAST) Tools
Software developers face several challenges when creating or maintaining applications; security assurance is one of them. To minimise the occurrence of vulnerabilities, developers utilize various solutions, including static application security testing (SAST) tools. Thes...
| Main author: | Elizaveta Kuzmina |
|---|---|
| Other authors: | Shahbaz Pervez Chattha, Seyed Ebrahim Hosseini, Muazma Shahbaz, Adnan Akhunzada |
| Published: | 2025 |
| _version_ | 1864513537089470464 |
|---|---|
| author | Elizaveta Kuzmina (22049810) |
| author2 | Shahbaz Pervez Chattha (23718897); Seyed Ebrahim Hosseini (17222170); Muazma Shahbaz (22049816); Adnan Akhunzada (20151648) |
| author2_role | author author author author |
| author_facet | Elizaveta Kuzmina (22049810); Shahbaz Pervez Chattha (23718897); Seyed Ebrahim Hosseini (17222170); Muazma Shahbaz (22049816); Adnan Akhunzada (20151648) |
| author_role | author |
| dc.creator.none.fl_str_mv | Elizaveta Kuzmina (22049810); Shahbaz Pervez Chattha (23718897); Seyed Ebrahim Hosseini (17222170); Muazma Shahbaz (22049816); Adnan Akhunzada (20151648) |
| dc.date.none.fl_str_mv | 2025-11-15T03:00:00Z |
| dc.identifier.none.fl_str_mv | 10.1109/JIOT.2025.3598235 |
| dc.relation.none.fl_str_mv | https://figshare.com/articles/journal_contribution/Spring_Framework_Benchmarking_Utility_for_Static_Application_Security_Testing_SAST_Tools/31995147 |
| dc.rights.none.fl_str_mv | CC BY 4.0; info:eu-repo/semantics/openAccess |
| dc.subject.none.fl_str_mv | Engineering; Control engineering, mechatronics and robotics; Engineering practice and education; Information and computing sciences; Cybersecurity and privacy; Information systems; Software engineering; Benchmarking utility; Common weakness enumeration (CWE); Java; Static application security testing (SAST) tools; Spring framework; SAST tools; Static code analysers; Vulnerability detection |
| dc.title.none.fl_str_mv | Spring Framework Benchmarking Utility for Static Application Security Testing (SAST) Tools |
| dc.type.none.fl_str_mv | Text; Journal contribution; info:eu-repo/semantics/publishedVersion; text; contribution to journal |
| description | Software developers face several challenges when creating or maintaining applications; security assurance is one of them. To minimise the occurrence of vulnerabilities, developers utilize various solutions, including static application security testing (SAST) tools. These tools use different analysis techniques to detect application flaws and support various programming languages, frameworks and third-party libraries. It is important to understand their capabilities. To the authors’ knowledge, researchers have not yet addressed the gap in the benchmarking of SAST tools used with Spring framework. Therefore, this research proposes a benchmarking utility that is designed to assess the performance of Spring framework SAST tools. The study is based on action research and consists of several parts: the analysis of existing Spring framework vulnerabilities, the collection and enhancement of benchmarking strategies from similar tools and the development of the utility using the collected data. The study findings are of interest to SAST providers as they would be able to use the benchmark for the evaluation of the detection capabilities of their SAST solution in Spring environment. Moreover, the utility could be used to provide benchmark for future research to compare other SAST tools. Overall, the research contributes to the IT, cyber security and related research fields. Other Information: Published in: IEEE Internet of Things Journal; License: https://creativecommons.org/licenses/by/4.0/; See article on publisher's website: https://dx.doi.org/10.1109/jiot.2025.3598235 |
| eu_rights_str_mv | openAccess |
| id | Manara2_a523d4d6f5d4b0adc1e0613f906e8c0b |
| identifier_str_mv | 10.1109/JIOT.2025.3598235 |
| network_acronym_str | Manara2 |
| network_name_str | Manara2 |
| oai_identifier_str | oai:figshare.com:article/31995147 |
| publishDate | 2025 |
| repository.mail.fl_str_mv | |
| repository.name.fl_str_mv | |
| repository_id_str | |
| rights_invalid_str_mv | CC BY 4.0 |
| status_str | publishedVersion |
| title | Spring Framework Benchmarking Utility for Static Application Security Testing (SAST) Tools |