Empirical comparison between vulnerability detection tools

Due to the increase in open source library usage, organizations are concerned about the security risk of using open source libraries. Software Composition Analysis (SCA) tools are recommended because they automatically notify developers when vulnerabilities in libraries are detected. However, it is difficult for developers to choose the tool that is most suitable for their project. Each tool uses a different vulnerability database and a different approach to detecting vulnerabilities, and developers often realize that a tool is not applicable to their project only after using it for some time. This project aims to assess and compare the accuracy of Software Composition Analysis tools in different configuration environments. Projects with different configurations will be scanned and the results stored, then compared to determine which tool is best for each project. This project will also try to identify and understand why false positives and false negatives occur.

Bibliographic Details
Main Author: Lee, Kian Lon
Other Authors: Liu Yang
Format: Final Year Project
Language:English
Published: 2019
Subjects: DRNTU::Engineering::Computer science and engineering
Online Access:http://hdl.handle.net/10356/76990
Institution: Nanyang Technological University
Department: School of Computer Science and Engineering
Degree: Bachelor of Engineering (Computer Science)
Date Deposited: 2019-04-29
Extent: 34 p.
File Format: application/pdf