2021
DOI: 10.22152/programming-journal.org/2022/6/1

Deriving Static Security Testing from Runtime Security Protection for Web Applications

Abstract: Context: Static Application Security Testing (SAST) and Runtime Application Security Protection (RASP) are important and complementary techniques used for detecting and enforcing application-level security policies in web applications. Inquiry: The current state of the art, however, does not allow a safe and efficient combination of SAST and RASP based on a shared set of security policies, forcing developers to reimplement and maintain the same policies and their enforcement code in both tools. Approach: In this…

citations
Cited by 3 publications
(1 citation statement)
references
References 48 publications
“…Pupo et al [33] developed a two-phase abstract interpretation approach, extracting SAST components from two RASPs. They evaluate their approach by comparing their two-phase approach with a single-phase RASP approach and find that the two-phase approach is better than the single-phase approach in terms of precision.…”
Section: Runtime Application Self Protection (Rasp); citation type: mentioning
confidence: 99%