(UPI) Chapter 12: Threat Detection and Defense Techniques
39-minute College Credit Course
- College Credit
- Beginner
About this Course
In this chapter, the discussion centers on advanced threat detection and defense techniques for web applications, with an emphasis on integrating and benchmarking various security analysis tools. The chapter reviews existing research on static, dynamic, and interactive analysis tools (SAST, DAST, and IAST), proposes a novel methodology for combining these tools to enhance vulnerability detection while reducing false positives, and provides practical insights and rankings based on a comprehensive evaluation using the OWASP Benchmark project.
Background and Related Work
This section presents background on web technology security, benchmarking initiatives, and security analysis tools, and reviews the results that combinations of security analysis tools achieved in previous comparisons.
5 steps
12.3. Method Proposal to Analyze AST n-Tools Combinations
In this stage, the chapter presents a detailed methodology for selecting, combining, and benchmarking SAST, DAST, and IAST tools using the OWASP Benchmark project. It describes the process of tool selection, metric definition, and automated metrics calculation to rank tool combinations based on their effectiveness in detecting vulnerabilities across web applications of varying criticality.
6 steps