An Open Source Code Analyzer and Reviewer (OSCAR) Framework

Abstract

Due to the intense usage of IT and the growing number of fields of application, we rely more than ever on functional software components. In conjunction with this development it could be observed that in the last years the popularity of open source software was on the rise for various reasons. However, in the recent past, serious vulnerabilities have been discovered. In order to support open source developers testing their source code for security bugs, in this paper, we present the idea of a framework which combines existing open source security checkers. After presenting the architecture of the framework we demonstrate the functionality of the framework using the vulnerable application Web Goat.