Ana Paula Sayuri Matsunaga, Nuno Antunes, Regina L. O. Moraes
Published in: 2016 12th European Dependable Computing Conference (EDCC), 2016-09-01
DOI: 10.1109/EDCC.2016.32 (https://doi.org/10.1109/EDCC.2016.32)
Coverage Metrics and Detection of Injection Vulnerabilities: An Experimental Study
Coverage is frequently considered a metric of the quality of the tests and, consequently, of the software dependability. Although one tends to assume a similar relation in the context of vulnerability detection, such an assumption is yet to be shown in practice. Although the effectiveness of vulnerability detection tools is limited and largely dependent on the context, developers usually select and use a single tool and implicitly trust its results. In this practical experience report we study the relation between coverage measurements and the quality of the results of detection tests for injection vulnerabilities, in particular SQL Injection, considering two state-of-the-art tools and multiple testing configurations. Such a relation is of utmost importance for developers to understand how good vulnerability detectors are and to compare alternative tools. Results show that code coverage is indeed an effective means to estimate the quality of vulnerability detection tests and is useful to compare different sets of tests. However, they also show that domain-specific metrics are much more effective than generic ones.