Herramientas de análisis de código seguro para el uso de desarrollo de software, año 2024 (Secure code analysis tools for use in software development, 2024)
| Field | Value |
|---|---|
| Material type | bachelorThesis |
| Published | 2025 |
| Link | https://dspace.ueb.edu.ec/handle/123456789/8211 |
| Summary | This study compared the main static code analysis tools available on the market in 2024 that were used to evaluate web development projects, in order to determine their usefulness and efficiency in detecting real vulnerabilities and to identify differences in effectiveness, analysis time and resource consumption. An experimental method complemented with a comparative method was used to perform controlled tests on two representative software projects. The research followed a mixed quantitative and qualitative approach, using measurement techniques such as precision and recall analysis (recall being the true-positive rate that the ROC curve is built from), complemented with observation and documentary review. Although all the tools evaluated (SonarQube, Semgrep, OWASP ASST and HCL AppScan CodeSweep) were effective in detecting vulnerabilities, significant differences were found between them, and a usage guide was produced for the tool that best balanced the reliability metrics evaluated. This indicates that the selection of appropriate tools is critical and must be adjusted to the specific characteristics of each project, and it highlights the importance of incorporating these technologies early in the development cycle to mitigate security risks. |
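The abstract measures each tool by precision and recall against the vulnerabilities actually present in the test projects. As an added illustration of how such a scoring is done in practice (this is example code written for this page, not code from the thesis; the tool names, file paths, rule categories, line numbers and the ground-truth set are all constructed and do not describe any real project), the following block matches tool findings to a labelled ground truth with a small line tolerance, ignores duplicate reports of the same finding, and ranks the tools by F1 as one way of expressing the "greatest balance between the metrics":

```python
"""Score static-analysis findings against a labelled ground truth.

Added example, not code from the thesis. Every tool name, path, rule
category and line number below is constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    tool: str
    path: str
    line: int
    category: str  # hypothetical rule category, e.g. "sqli", "xss"


@dataclass(frozen=True)
class KnownVuln:
    path: str
    line: int
    category: str


# Constructed ground truth: vulnerabilities known to exist in the test project.
GROUND_TRUTH = frozenset({
    KnownVuln("app/login.php", 42, "sqli"),
    KnownVuln("app/search.php", 17, "sqli"),
    KnownVuln("app/profile.php", 88, "xss"),
    KnownVuln("app/upload.php", 120, "path-traversal"),
})

# Constructed findings from two hypothetical tools run over the same project.
FINDINGS = [
    Finding("tool_a", "app/login.php", 43, "sqli"),              # TP, reported one line off
    Finding("tool_a", "app/search.php", 17, "sqli"),             # TP
    Finding("tool_a", "app/profile.php", 88, "xss"),             # TP
    Finding("tool_a", "app/util.php", 5, "xss"),                 # FP
    Finding("tool_b", "app/login.php", 42, "sqli"),              # TP
    Finding("tool_b", "app/login.php", 42, "sqli"),              # duplicate of the TP above
    Finding("tool_b", "app/upload.php", 120, "path-traversal"),  # TP
    Finding("tool_b", "app/config.php", 3, "hardcoded-secret"),  # FP
    Finding("tool_b", "app/search.php", 200, "sqli"),            # FP: right file, wrong location
]


def matches(f: Finding, v: KnownVuln, line_tolerance: int = 2) -> bool:
    """A finding counts as a hit if file and category agree and the line is close.

    Tools often anchor a finding on the sink or the enclosing statement rather
    than the exact line a human labelled, so a small tolerance avoids penalising
    that; keep it small or unrelated findings in the same file start to match.
    """
    return (f.path == v.path and f.category == v.category
            and abs(f.line - v.line) <= line_tolerance)


def score_tool(tool: str, findings, truth, line_tolerance: int = 2) -> dict:
    """Return TP/FP/FN counts plus precision, recall and F1 for one tool."""
    matched = set()
    tp = fp = 0
    for f in (x for x in findings if x.tool == tool):
        hit = next((v for v in truth if matches(f, v, line_tolerance)), None)
        if hit is None:
            fp += 1
        elif hit not in matched:
            matched.add(hit)
            tp += 1
        # A second report of an already-matched vulnerability is neither a new
        # TP nor a FP; counting it as a TP would inflate precision.
    fn = len(truth) - len(matched)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0  # true-positive rate
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"tp": tp, "fp": fp, "fn": fn,
            "precision": precision, "recall": recall, "f1": f1}


def rank_tools(findings, truth, line_tolerance: int = 2):
    """Score every tool present in the findings and order them by F1, best first."""
    tools = sorted({f.tool for f in findings})
    scored = [(t, score_tool(t, findings, truth, line_tolerance)) for t in tools]
    return sorted(scored, key=lambda item: item[1]["f1"], reverse=True)


if __name__ == "__main__":
    for tool, s in rank_tools(FINDINGS, GROUND_TRUTH):
        print(f"{tool}: TP={s['tp']} FP={s['fp']} FN={s['fn']} "
              f"P={s['precision']:.2f} R={s['recall']:.2f} F1={s['f1']:.2f}")
```

Precision answers "how many reported findings are real", recall "how many real vulnerabilities were reported"; a tool can score well on one while being weak on the other, which is why the abstract looks for the best balance rather than the highest single metric. The ranking here uses F1 as that balance; a team that values triage time more than coverage could weight precision higher instead.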