An Empirical Study of Rule-Based and Learning-Based Approaches for Static Application Security Testing

by   Roland Croft, et al.

Background: Static Application Security Testing (SAST) tools purport to assist developers in detecting security issues in source code. These tools typically use rule-based approaches to scan source code for security vulnerabilities. However, due to the significant shortcomings of these tools (i.e., high false positive rates), learning-based approaches for Software Vulnerability Prediction (SVP) are becoming a popular approach. Aims: Despite the similar objectives of these two approaches, their comparative value is unexplored. We provide an empirical analysis of SAST tools and SVP models, to identify their relative capabilities for source code security analysis. Method: We evaluate the detection and assessment performance of several common SAST tools and SVP models on a variety of vulnerability datasets. We further assess the viability and potential benefits of combining the two approaches. Results: SAST tools and SVP models provide similar detection capabilities, but SVP models exhibit better overall performance for both detection and assessment. Unification of the two approaches is difficult due to lacking synergies. Conclusions: Our study generates 12 main findings which provide insights into the capabilities and synergy of these two approaches. Through these observations we provide recommendations for use and improvement.


Using ChatGPT as a Static Application Security Testing Tool

In recent years, artificial intelligence has had a conspicuous growth in...

A Critical Comparison on Six Static Analysis Tools: Detection, Agreement, and Precision

Background. Developers use Automated Static Analysis Tools (ASATs) to co...

Vulnerability Detection Using Two-Stage Deep Learning Models

Application security is an essential part of developing modern software,...

On the combination of static analysis for software security assessment – a case study of an open-source e-government project

Static Application Security Testing (SAST) is a popular quality assuranc...

Revisiting Binary Code Similarity Analysis using Interpretable Feature Engineering and Lessons Learned

Binary code similarity analysis (BCSA) is widely used for diverse securi...

Detecting Security Fixes in Open-Source Repositories using Static Code Analyzers

The sources of reliable, code-level information about vulnerabilities th...

Using Machine Learning to Develop Smart Reflex Testing Protocols

Objective: Reflex testing protocols allow clinical laboratories to perfo...

Please sign up or login with your details

Forgot password? Click here to reset