Empirical comparison between vulnerability detection tools
Due to an increase in open source libraries usage, organizations are concern about the security risk of using open source libraries. Software Composition Analysis tool is recommended as it is an automated tool that notifies the developers when vulnerabilities in libraries are detected. However, it i...
Saved in:
Main Author: | |
---|---|
Other Authors: | |
Format: | Final Year Project |
Language: | English |
Published: |
2019
|
Subjects: | |
Online Access: | http://hdl.handle.net/10356/76990 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Nanyang Technological University |
Language: | English |
id |
sg-ntu-dr.10356-76990 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-769902023-03-03T20:46:47Z Empirical comparison between vulnerability detection tools Lee, Kian Lon Liu Yang School of Computer Science and Engineering DRNTU::Engineering::Computer science and engineering Due to an increase in open source libraries usage, organizations are concern about the security risk of using open source libraries. Software Composition Analysis tool is recommended as it is an automated tool that notifies the developers when vulnerabilities in libraries are detected. However, it is difficult for developers to choose a tool that is the most suitable for their project. Each tool uses a different database and has a different approach to detect vulnerabilities. Often, developers realize the tool is not applicable for the project after using it for quite some time. This project aims to assess and compare the accuracy of Software Composition Analysis tools in different configuration environment. Project with different configuration will be used and the result will be stored. The result will be compared to see which tool the best for each project is. This project will also try to identify and understand why false positive and negative occurs. Bachelor of Engineering (Computer Science) 2019-04-29T13:31:00Z 2019-04-29T13:31:00Z 2019 Final Year Project (FYP) http://hdl.handle.net/10356/76990 en Nanyang Technological University 34 p. application/pdf |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
DRNTU::Engineering::Computer science and engineering |
spellingShingle |
DRNTU::Engineering::Computer science and engineering Lee, Kian Lon Empirical comparison between vulnerability detection tools |
description |
Due to an increase in open source libraries usage, organizations are concern about the security risk of using open source libraries. Software Composition Analysis tool is recommended as it is an automated tool that notifies the developers when vulnerabilities in libraries are detected. However, it is difficult for developers to choose a tool that is the most suitable for their project. Each tool uses a different database and has a different approach to detect vulnerabilities. Often, developers realize the tool is not applicable for the project after using it for quite some time.
This project aims to assess and compare the accuracy of Software Composition Analysis tools in different configuration environment. Project with different configuration will be used and the result will be stored. The result will be compared to see which tool the best for each project is. This project will also try to identify and understand why false positive and negative occurs. |
author2 |
Liu Yang |
author_facet |
Liu Yang Lee, Kian Lon |
format |
Final Year Project |
author |
Lee, Kian Lon |
author_sort |
Lee, Kian Lon |
title |
Empirical comparison between vulnerability detection tools |
title_short |
Empirical comparison between vulnerability detection tools |
title_full |
Empirical comparison between vulnerability detection tools |
title_fullStr |
Empirical comparison between vulnerability detection tools |
title_full_unstemmed |
Empirical comparison between vulnerability detection tools |
title_sort |
empirical comparison between vulnerability detection tools |
publishDate |
2019 |
url |
http://hdl.handle.net/10356/76990 |
_version_ |
1759857743353610240 |