The use of application scanners in software product quality assessment

Authors:
Stefan Wagner
Affiliations:
University of Stuttgart, Stuttgart, Germany
Venue:
Proceedings of the 8th international workshop on Software quality
Year:
2011

Citing 14
Cited 0

Non-Detrimental Web Application Security Scanning

ISSRE '04 Proceedings of the 15th International Symposium on Software Reliability Engineering
SecuBat: a web vulnerability scanner

Proceedings of the 15th international conference on World Wide Web
Demystifying maintainability

Proceedings of the 2006 international workshop on Software quality
Common Vulnerability Scoring System

IEEE Security and Privacy
Using Ranked Nodes to Model Qualitative Judgments in Bayesian Networks

IEEE Transactions on Knowledge and Data Engineering
Multi-module vulnerability analysis of web-based applications

Proceedings of the 14th ACM conference on Computer and communications security
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Organizing Security Patterns

IEEE Software
Tool Support for Continuous Quality Control

IEEE Software
Measuring network security using dynamic bayesian network

Proceedings of the 4th ACM workshop on Quality of protection
The risks with security metrics

Proceedings of the 4th ACM workshop on Quality of protection
A Comprehensive Model of Usability

Engineering Interactive Systems
A Bayesian network approach to assess and predict software quality using activity-based quality models

Information and Software Technology
Software quality models: purposes, usage scenarios and requirements

WOSQ'09 Proceedings of the Seventh ICSE conference on Software quality

Quantified Score

Hi-index	0.00

Visualization

Abstract

Software development needs continuous quality control for a timely detection and removal of quality problems. This includes frequent quality assessments, which need to be automated as far as possible to be feasible. One way of automation in assessing the security of software are application scanners that test an executing software for vulnerabilities. At present, common quality assessments do not integrate such scanners for giving an overall quality statement. This paper presents an integration of application scanners into a general quality assessment method based on explicit quality models and Bayesian nets. Its applicability and the detection capabilities of common scanners are investigated in a case study with two open-source web shops.