Description
As software is becoming increasingly integrated into everyday devices, the demand for
secure and bug-free code intensifies, driven by the growing number of vulnerabilities
discovered on a daily basis. Although Static Application Security Testing (SAST) tools
play an important role in identifying potential security flaws, they often produce a
high volume of false positives, putting the burden on developers to manually filter
out non-critical findings. This thesis investigates the integration of fuzzing, a dynamic
analysis method, into the static analysis process to improve the prioritization of findings
through re-ranking.
This research leverages an adapted version of the Magma benchmark to evaluate how
fuzzing can supplement static analysis. It does so by providing a deeper understanding
of Common Weakness Enumeration (CWE) categories and the number of executions
required to trigger real vulnerabilities, revealing that different CWE classes can have
varying mean numbers of executions before being triggered. This data served as
the foundation for a Proof of Concept implementation, which was integrated into
the Woodpecker SAST tool. The P.o.C. was evaluated on the libxml2 XML toolkit
with configuration values obtained from Magma. The results demonstrated that the
re-ranking approach could effectively adjust the priority of 8% to 22% of findings in
optimal scenarios. However, the effectiveness of this approach varied significantly based
on the configuration parameters, and there was additionally considerable variance
between different SAST tools.
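The re-ranking idea described above, as an added example that is not the thesis's Woodpecker implementation: SAST findings are re-scored by a per-CWE weight derived from the mean number of fuzzer executions needed to trigger that class, and the share of findings whose rank changed is measured. The execution counts, the findings and the combining formula are all constructed assumptions, not values from Magma or the thesis.

```python
"""Re-rank SAST findings using fuzzing-derived, per-CWE executions-to-trigger.
Added example, not the thesis's Woodpecker code: the per-CWE execution counts
and findings are constructed, and the formula is an assumed way to combine them."""
import math
from dataclasses import dataclass

# Constructed: mean fuzzer executions before each CWE class was first triggered
# in a Magma-style campaign (illustrative, not real Magma numbers).
MEAN_EXECS_TO_TRIGGER = {
    "CWE-787": 2.0e5,  # out-of-bounds write
    "CWE-125": 8.0e5,  # out-of-bounds read
    "CWE-476": 5.0e6,  # NULL pointer dereference
    "CWE-401": 4.0e7,  # memory leak
}

@dataclass(frozen=True)
class Finding:
    id: str
    cwe: str
    sast_score: float  # the SAST tool's own severity, higher is more severe

def fuzz_weight(cwe: str, weight: float) -> float:
    """Multiplier for a CWE class: the fewer executions fuzzing needed to
    trigger it, the larger the boost. Classes with no fuzzing data get a
    neutral 1.0, and weight=0 (the configuration knob) disables re-ranking."""
    execs = MEAN_EXECS_TO_TRIGGER.get(cwe)
    if execs is None:
        return 1.0
    # log10 compresses the wide spread of execution counts (1e5 .. 1e8).
    return 1.0 + weight / math.log10(execs)

def rerank(findings, weight=1.0):
    """Findings ordered by SAST score scaled by fuzz_weight (stable sort)."""
    return sorted(findings, reverse=True,
                  key=lambda f: f.sast_score * fuzz_weight(f.cwe, weight))

def fraction_moved(findings, weight=1.0) -> float:
    """Share of findings whose position changed, the quantity the thesis reports."""
    before = sorted(findings, key=lambda f: f.sast_score, reverse=True)
    after = rerank(findings, weight)
    return sum(a.id != b.id for a, b in zip(before, after)) / len(findings)

# Constructed findings; CWE-020 has no fuzzing data and keeps a neutral weight.
SAMPLE_FINDINGS = [
    Finding("F1", "CWE-401", 7.0), Finding("F2", "CWE-787", 6.8),
    Finding("F3", "CWE-476", 6.0), Finding("F4", "CWE-125", 5.0),
    Finding("F5", "CWE-020", 7.5),
]
```

With the sample data and weight 1.0, two of the five findings change position (40%), and weight 0.0 reproduces the SAST tool's original order, which is the kind of configuration sensitivity the results describe.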