Evaluating the ability of static code analysis tools to detect injection vulnerabilities


Bibliographic Details
Main Author: Ramos, Alexander
Format: Others
Language: English
Published: Umeå universitet, Institutionen för datavetenskap, 2016
Online Access: http://urn.kb.se/resolve?urn=urn:nbn:se:umu:diva-128302
id ndltd-UPSALLA1-oai-DiVA.org-umu-128302
record_format oai_dc
record_timestamp 2016-12-02T05:11:13Z
type Student thesis (info:eu-repo/semantics/bachelorThesis), text
series UMNAD ; 1065
file_format application/pdf
rights info:eu-repo/semantics/openAccess
collection NDLTD
description Identifying and eliminating security vulnerabilities in programs can be very time consuming. A way to automate and speed up the process is to integrate static code analysis tools in the development process. Choosing a static code analysis tool for a project is not an easy task, since different tools have their own strengths and performance characteristics. One way of testing the qualifications of a tool for finding flaws is to test it against a test suite constructed for the specific purpose of static code analysis tool testing. In this paper the tools Visual Code Grepper, FindBugs and SonarQube are tested for their ability to detect SQL, OS command and LDAP injection vulnerabilities against the Juliet test suite v1.2 for Java, and the performance of the tools is evaluated. Since the tools have their own techniques for finding errors and vulnerabilities, diverse results are obtained in which the tools show their strengths and weaknesses; these are presented in tables and graphs. In general, the FindBugs tool seems to be the most suitable tool for detecting potential injections; however, further studies including more test cases should be conducted to cover more of what the tools are capable of detecting. To cover most of the vulnerabilities in a program, it would be ideal to use as many tools as possible to locate the maximum number of flaws.
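To make concrete what the three tools are being asked to find, the following is a Juliet-style "bad"/"good" pair for each of the three injection classes named in the abstract (SQL injection, OS command injection and LDAP injection). It is an added illustration written for this record, not code from the thesis or from the Juliet test suite. The method names, the regular expression used as an allow-list and the two payload strings are the editor's own; the source of tainted data is a plain method parameter, whereas real Juliet cases read it from a property, file or socket, which is part of what makes the flows harder for an analyser to follow.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/*
 * Juliet-style bad/good pairs for SQL, OS command and LDAP injection.
 * Added example, not code from the thesis or the Juliet suite. Each "bad"
 * method carries data from the source (a parameter here) to a sink with no
 * neutralisation; each "good" method breaks that flow with a fix a static
 * analyser should be able to recognise.
 */
public class InjectionPairs {

    // SQL injection, bad: the query text is built by concatenation, so a
    // non-constant string reaches Statement.executeQuery.
    public static ResultSet sqlBad(Connection conn, String userName) throws SQLException {
        Statement stmt = conn.createStatement();
        return stmt.executeQuery("SELECT * FROM users WHERE name = '" + userName + "'");
    }

    // SQL injection, good: a bind parameter keeps the data out of the SQL grammar.
    public static ResultSet sqlGood(Connection conn, String userName) throws SQLException {
        PreparedStatement ps = conn.prepareStatement("SELECT * FROM users WHERE name = ?");
        ps.setString(1, userName);
        return ps.executeQuery();
    }

    // OS command injection, bad: the whole line goes through a shell, so ';',
    // '|' or '$(...)' inside hostName start new commands. The builder is returned
    // unstarted so its argv is visible; the real sink would be start() or Runtime.exec().
    public static ProcessBuilder commandBad(String hostName) {
        return new ProcessBuilder("sh", "-c", "ping -c 1 " + hostName);
    }

    // OS command injection, good: no shell, the value is a single argv element,
    // and an allow-list (assumed pattern) rejects anything that is not a plausible host name.
    public static ProcessBuilder commandGood(String hostName) {
        if (!hostName.matches("[A-Za-z0-9.-]{1,253}")) {
            throw new IllegalArgumentException("invalid host name: " + hostName);
        }
        return new ProcessBuilder("ping", "-c", "1", hostName);
    }

    // LDAP injection, bad: a raw value inside a search filter; "*)(uid=*" turns
    // "(uid=<x>)" into a filter that matches every entry.
    public static String ldapFilterBad(String uid) {
        return "(uid=" + uid + ")";
    }

    // LDAP injection, good: escape filter metacharacters as RFC 4515 requires
    // (backslash followed by two hex digits), so the value is compared, never parsed.
    public static String ldapFilterGood(String uid) {
        return "(uid=" + escapeLdapFilterValue(uid) + ")";
    }

    static String escapeLdapFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed payloads of the kind a Juliet "bad" case feeds to its sink.
        String host = "example.com; cat /etc/passwd";
        String uid = "*)(uid=*";

        System.out.println("command bad argv:  " + commandBad(host).command());
        try {
            commandGood(host);
        } catch (IllegalArgumentException e) {
            System.out.println("command good:      rejected -> " + e.getMessage());
        }
        System.out.println("command good argv: " + commandGood("example.com").command());

        System.out.println("ldap bad filter:   " + ldapFilterBad(uid));
        System.out.println("ldap good filter:  " + ldapFilterGood(uid));
        // The SQL pair needs a live java.sql.Connection; it is included for the
        // source-to-sink shape an analyser has to recognise and is not run here.
    }
}
```

Running the class prints the shell argv `[sh, -c, ping -c 1 example.com; cat /etc/passwd]` for the bad command case against the rejection and the four-element argv of the good case, and `(uid=*)(uid=*)` against `(uid=\2a\29\28uid=\2a)` for the LDAP pair. A pattern-matching tool can flag the bad SQL and command sinks from the concatenation alone, while telling the good LDAP case apart from the bad one requires following the value through the escaping routine, which is the kind of difference that separates the tools' detection rates on a suite like Juliet.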