The use of application scanners in software product quality assessment

WoSQ'11 - Proceedings of the 8th International Workshop on Software Quality

Volumn , Issue , 2011, Pages 42-49

  Wagner, Stefan ^a  

^a UNIVERSITY OF STUTTGART   (Germany)

Author keywords

application scanner; bayesian net; quality assessment; quality model

Indexed keywords

BAYESIAN NET; BAYESIAN NETS; DETECTION CAPABILITY; OPEN-SOURCE; OVERALL QUALITY; QUALITY ASSESSMENT; QUALITY MODEL; QUALITY MODELS; QUALITY PROBLEMS; SOFTWARE PRODUCT QUALITY; WEB SHOP;

COMPUTER SOFTWARE SELECTION AND EVALUATION; QUALITY CONTROL; RATING; SOFTWARE DESIGN; SOFTWARE TESTING; USER INTERFACES;

SCANNING;

EID: 80053207319     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2024587.2024597     Document Type: Conference Paper

References (29)

1. M. D. Aime, A. Atzeni, and P. C. Pomi. The risks with security metrics. In Proc. 4th ACM Workshop on Quality of Protection (QoP '08), pages 65-70. ACM Press, 2008.
2. A. Atzeni and A. Lioy. Why to adopt a security metric? a brief survey. In Quality of Protection, volume 23 of Advanced in Information Security, pages 1-12. Springer, 2006.
3. D. Balzarotti, M. Cova, V. Felmetsger, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna. Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications. In Proc. IEEE Symposium on Security and Privacy, pages 387-401. IEEE Computer Society, 2008.
4. D. Balzarotti, M. Cova, V. Felmetsger, and G. Vigna. Multi-module vulnerability analysis of web-based applications. In Proc. ACM Conference on Computer and Communication Security (ACM CCS). ACM Press, 2007.
5. V. Basili and H. Rombach. The TAME project: Towards improvement-oriented software environments. IEEE Transactions on Software Engineering, 14(6):758-773, 1988. (Pubitemid 18640017)
6. V. R. Basili, G. Caldiera, and H. D. Rombach. Goal question metric paradigm. In J. C. Marciniak, editor, Encyclopedia of Software Engineering, volume 1. John Wiley & Sons, 1994.
7. P. Black, E. Fong, V. Okun, and R. Gaucher. Software assurance tools: Web application security scanner functional specification version 1.0. Special Publication 500-269, National Institute of Standards and Technology, 2008.
8. M. Broy, F. Deissenboeck, and M. Pizka. Demystifying maintainability. In Proc. Intern. Workshop on Software Quality (WoSQ '06), pages 21-26. ACM Press, 2006.
9. CCRA. Common criteria for information technology security evaluation, version 3.1. http://www.commoncriteria.org, 2009.
10. F. Deissenboeck, E. Juergens, B. Hummel, S. Wagner, B. Mas y Parareda, and M. Pizka. Tool support for continuous quality control. IEEE Softw., 25(5):60-67, 2008.
11. F. Deissenboeck, E. Juergens, K. Lochmann, and S. Wagner. Software quality models: Purposes, usage scenarios and requirements. In Proc. 7th International Workshop on Software Quality (WoSQ 09). IEEE Computer Society, 2009.
12. F. Deissenboeck, S. Wagner, M. Pizka, S. Teuchert, and J. F. Girard. An activity-based quality model for maintainability. In Proc. IEEE International Conference on Software Maintenance (ICSM 2007), pages 184-193. IEEE Computer Society, 2007.
13. Federal Office for Information Security (BSI) in Germany. IT-Grundschutz Catalogues. https://www.bsi.bund.de/, 2007.
14. N. E. Fenton, M. Neil, and J. G. Caballero. Using ranked nodes to model qualitative judgments in Bayesian networks. IEEE Transactions on Knowledge and Data Engineering, 19(10):1420-1432, 2007. (Pubitemid 47460364)
15. FIRST. Common vulnerability scoring system (CVSS). http://www.first.org/ cvss/cvss-guide.html, 2009.
16. M. Frigault, L. Wang, A. Singhal, and S. Jajodia. Measuring network security using dynamic bayesian network. In Proc. 4th ACM Workshop on Quality of Protection (QoP '08), pages 23-30. ACM Press, 2008.
17. M. Grossmann. Towards an applicable software quality model for individual software projects. In Workshop-Band Softwarequalitätsmodellierung und -bewertung (SQMB '09). TU München, 2009.
18. M. Hafiz, P. Adamczyk, and R. Johnson. Organizing security patterns. IEEE Softw., 24(4):52-60, 2007. (Pubitemid 47098794)
19. Y.-W. Huang, C.-H. Tsai, D. Lee, and S.-Y. Kuo. Non-detrimental web application security scanning. In Proc. 15th International Symposium on Software Reliability Engineering (ISSRE 2004), pages 219-230. IEEE Computer Society, 2004.
20. S. Kals, E. Kirda, C. Kruegel, and N. Jovanovic. Secubat: a web vulnerability scanner. In Proc. 15th International Conference on World Wide Web (WWW '06), pages 247-256. ACM Press, 2006.
21. C. Lampasona, A. Trendowicz, M. Kläs, and J. Heidrich. Measurement-based software quality evaluation. In Tagungsband des DASMA Software Metrik Kongresses 2009. Shaker, 2009.
22. P. Mell, K. Scarfone, and S. Romanosky. Common vulnerability scoring system. IEEE Security and Privacy, 4(6):85-89, 2006. (Pubitemid 44925881)
23. Mitre. Common weakness scoring system (CWSS). http://cwe.mitre.org/cwss/.
24. OWASP. OWASP application security verification standard 2009. http://www.owasp.org/.
25. R. Plösch, H. Gruber, A. Hentschel, C. Körner, G. Pomberger, S. Schiffer, M. Saft, and S. Storck. The EMISQ method and its tool support-expert-based evaluation of internal software quality. Innovations in Systems and Software Engineering, 4(1):3-15, 2008. (Pubitemid 351479537)
26. S. Wagner. A Bayesian network approach to assess and predict software quality using activity-based quality models. Information and Software Technology, 52(11):1230-1241, 2010.
27. S. Wagner, D. Mendez Fernandez, S. Islam, and K. Lochmann. A security requirements approach for web systems. In Workshop Quality Assessment in Web (QAW 2009). 2009.
28. S. Winter, S. Wagner, and F. Deissenboeck. A comprehensive model of usability. In In Proc. Engineering Interactive Systems 2007 (EIS '07, volume 4940 of LNCS, pages 106-122. Springer, 2007.
29. A. Yautsiukhin, R. Scandariato, T. Heyman, F. Massacci, and W. Joosen. Towards a quantitative assessment of security in software architectures. In Nordic Workshop on Secure IT Systems (NordSec), October 2008.