Combining static source code analysis and threat assessment modeling for testing open source software security
Organizations that deploy open source software in their systems without first verifying it for security vulnerabilities are more exposed to attacks. It is therefore important to discover and fix vulnerabilities in open source software before deployment. Several techniques now exist that help with vulnerability discovery. The goal of this project is to improve the security of open source software by discovering source code vulnerabilities with static source code analysis, and design and architectural vulnerabilities by developing a threat risk model. I conducted a case study on a remote desktop connection manager application using two static analysis tools and one threat risk modeling tool. In the case study, the static analysis tools discovered a large number of vulnerabilities of different types in the application, and the threat risk modeling tool revealed some design and architectural vulnerabilities. The results of the case study suggest that it is unsafe to deploy open source software in a system without first verifying it for vulnerabilities.
Master's thesis in Information and Communication Technology, IKT590, 2012, Universitetet i Agder, Grimstad