Security issues of software applications

Assignment Help Software Engineering
Reference no: EM132310134

Leveraging static analysis tools to pinpoint security issues of software applications

The students need to select a well-known static analysis tool (e.g., FindBugs for Java, AndroBugs for Android) and apply it to analyse various software applications (e.g., open-source projects from GitHub or Android APKs downloaded from app markets). More details will be given during the lecture session.

The output of this assessment should include (1) a detailed report describing all the details involved and (2) an executable software package that could be leveraged to replicate the reported experiments.

Tasks

1. Choose a static analysis tool

There are quite a lot of static analyzers available in the community. Here I just list several well-known examples that the students can choose from. The students may still choose other tools, including tools for other languages.

- Java: FindBugs
- Android: AndroBugs
- C++: RATS, Flawfinder

2. Understand the selected tool

The students should explore the selected tool in various aspects, attempting to summarise the capabilities provided by the tool. One way to identify such capabilities could be to go through all the input options that the tool provides.

3. Find target code to analyse

In this step, the students should choose at least one project (or one Android app) to perform their analysis on, and that project should contain security issues. GitHub is a great source that the students can leverage to find target projects. The following screenshots demonstrate various projects that are mainly written in Java and C++, respectively.

4. Run the selected analysis tool on the selected repositories (or Android apps)

After selecting the to-be-tested projects, the next step is to run the selected static analysis tool on the source code of those projects.

The students should clearly describe the setup of their experiments, e.g., how the selected tool is launched and what inputs are provided. The students are also expected to justify the complexity of the selected projects. How big are the selected projects? Ideally, the more complex the selected projects are (e.g., the top 10 Java projects hosted on GitHub), the higher the assessment score will be.

5. Summarize the analysis results of the aforementioned experiments

After running the static analysis tool on the selected projects, the tool should generate some results, ideally security issues related to the analysed projects. The students should then summarize those results by various means, attempting to present them in more understandable ways. Last but not least, the students should also provide some insights learned from the experiments that could be useful for other code analysers.

Interesting directions that the students are encouraged to explore:
- Comparing the capability of different static analysers
- Comparing the security issues of different projects
- Comparing different revisions (GitHub releases, tags) of the same project, and hence understanding the evolution of its security issues.
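As an added example (not part of the assignment or of FindBugs itself) of steps 4 and 5 and of the revision-comparison direction above, the script below parses two FindBugs XML reports, counts findings per category and priority, and reports which findings were fixed or introduced between revisions. It assumes the FindBugs XML layout `BugCollection` / `BugInstance` with `type`, `priority` and `category` attributes and a nested `Class` element; the two reports are constructed samples, not real analyser output.

```python
# Added example: summarise FindBugs XML reports and diff two revisions.
# Assumes FindBugs' XML layout <BugCollection><BugInstance type= priority= category=>
# <Class classname=/><SourceLine start=/></BugInstance>; both reports are
# constructed samples, not output captured from a real project.
import xml.etree.ElementTree as ET
from collections import Counter

REPORT_V1 = """<BugCollection version="3.0.1">
<BugInstance type="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" priority="1" category="SECURITY">
 <Class classname="app.UserDao"/><SourceLine start="42"/></BugInstance>
<BugInstance type="PT_RELATIVE_PATH_TRAVERSAL" priority="2" category="SECURITY">
 <Class classname="app.FileServlet"/><SourceLine start="17"/></BugInstance>
<BugInstance type="DM_DEFAULT_ENCODING" priority="2" category="I18N">
 <Class classname="app.Report"/><SourceLine start="9"/></BugInstance>
</BugCollection>"""

REPORT_V2 = """<BugCollection version="3.0.1">
<BugInstance type="PT_RELATIVE_PATH_TRAVERSAL" priority="2" category="SECURITY">
 <Class classname="app.FileServlet"/><SourceLine start="21"/></BugInstance>
<BugInstance type="DM_DEFAULT_ENCODING" priority="2" category="I18N">
 <Class classname="app.Report"/><SourceLine start="9"/></BugInstance>
<BugInstance type="XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER" priority="1" category="SECURITY">
 <Class classname="app.Search"/><SourceLine start="30"/></BugInstance>
</BugCollection>"""

def parse_report(xml_text):
    """Return a set of (type, category, priority, class) tuples from a report.
    Line numbers are deliberately dropped: a finding that merely moved a few
    lines between revisions must not be counted as both fixed and introduced."""
    findings = set()
    for bug in ET.fromstring(xml_text).iter("BugInstance"):
        cls = bug.find("Class")
        classname = cls.get("classname") if cls is not None else "?"
        findings.add((bug.get("type"), bug.get("category"),
                      int(bug.get("priority")), classname))
    return findings

def summarise(findings):
    """Counts per category and per priority (priority 1 is the most severe)."""
    return Counter(f[1] for f in findings), Counter(f[2] for f in findings)

def diff_revisions(old, new):
    """(findings fixed since old, findings newly introduced in new)."""
    return old - new, new - old

if __name__ == "__main__":
    v1, v2 = parse_report(REPORT_V1), parse_report(REPORT_V2)
    print("v1 by category/priority:", *summarise(v1))
    fixed, introduced = diff_revisions(v1, v2)
    print("fixed:", sorted(fixed), "\nintroduced:", sorted(introduced))
```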

Attachment: Assessment Specifications.rar

Verified Expert

This is a bug-finding assignment done with Arduino and Java programming bug finders; it allows the searcher to find all the bugs, correct them, and then do the specification analysis for that particular bug.



Reviews

len2310134

5/22/2019 4:19:46 AM

80% of the assignment mark will be based on the technical report written by the students. The remaining 20% will be the quality of the replication package, which should contain enough information that your tutors (as well as your classmates) can easily re-do your experiments. The report will be marked based on the following criteria:

1. Understanding of the general concept of the selected static analysis tool (20%)
2. Clarity and complexity of the experimental setup (30%)
3. Quality and depth of explanation of the experiment results (30%)
4. Clarity/correctness of the replication package (20%)

len2310134

5/22/2019 4:19:27 AM

Use FindBugs for Java to analyse two software applications or two different versions of one software application. Write a quality report according to the requirements, step by step. In step 2, you can add some limitations of FindBugs. If you would like to use AndroBugs to analyse two APKs or different versions of one APK, that is fine. Please make sure the report meets the assessment requirements and is completed according to the instructions. Some screenshots could be added to the report to support the analysis.
