Transparent Static Analysis for the Detection of Security Vulnerabilities
Junior Submission
Static code analysis is a technology to automatically detect various security vulnerabilities at implementation time. Nevertheless, studies show that developers reject static analysis tools. The reason is that developers struggle to configure the static analysis such that it can operate efficiently in their application context. In this work, we improve the current situation by making the domain of static code analysis more transparent to developers when they use static analysis tools. In our approach, we propose a generator of configurations for static analyses for specific vulnerabilities selected by the developer. Moreover, the configurations are automatically customized to the code of interest that the developer works on.
Conference DayWed 18 JulDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
13:30 - 15:24 | |||
14:00 25mDoctoral symposium paper | Optimization based on Facts and Fiction ECOOP and ISSTA Doc Symposium Olivier FlückigerNortheastern University, USA File Attached | ||
14:25 16mDoctoral symposium paper | Two-phase Analysis for Precision and Scalability ECOOP and ISSTA Doc Symposium Anastasios AntoniadisUniversity of Athens, Greece File Attached | ||
14:41 16mDoctoral symposium paper | Transparent Static Analysis for the Detection of Security Vulnerabilities ECOOP and ISSTA Doc Symposium Goran PiskachevFraunhofer IEM File Attached | ||
14:57 16mDoctoral symposium paper | Improving Symbolic Flat Memory Models with Pointer Alias Analysis ECOOP and ISSTA Doc Symposium Timotej KapusImperial College London File Attached | ||
15:13 16mDoctoral symposium paper | Auto-tuning Framework for Multi-core Interference Analysis ECOOP and ISSTA Doc Symposium Dan IorgaImperial College London, UK | ||
