| KEYWORD |
Evaluation of Static Security Analysis Tools on Open-Source Distributed Applications
keywords JAVA, SECURITY ANALISYS, VULNERABILITY ANALYSIS
Reference persons RICCARDO SISTO
Research Groups COMPUTER NETWORKS GROUP - NETGROUP, DAUIN - GR-03 - COMPUTER NETWORKS GROUP - NETGROUP, GR-03 - COMPUTER NETWORKS GROUP - NETGROUP, NETGROUP
Thesis type THEORETICAL/EXPERIMENTAL
Description Static Security Alaysis tools are becoming more and more common practice in the development of distributed applications. The thesis aims at performing an evaluation of some static security analysis tools, by applying them to a collection of open-source distributed applications. While today some benchmarks already exist, they are not well aligned with the most recent web development techniques. The work of the candidate will consist in identifying some relevant, modern, open-source projects to be used as bechmarks. Then, the candidate will experiment some of the static analysis tools on these projects and collect results about their performance, according to the OWASP evaluation methodology.
The candidate should have good programming skills in Java and in web programming. Basic knowledge of static security analysis tools is also useful to get started more rapidly. Taking this thesis the candidate will get more skilled in the use of static security analysis tools for distributed applications.
Required skills Programmazione Java, Reti di Calcolatori, Cybersecurity
Deadline 19/10/2021
PROPONI LA TUA CANDIDATURA