Security issues of software applications

Reference no: EM132310134

Leveraging static analysis tools to pinpoint security issues of software applications

The students need to select a well-known static analysis tool (e.g., FindBugs for Java, AndroBugs for Android) and apply it to analyse various software applications (e.g., open sourced projects from GitHub or Android APKs downloaded from markets). More details will be given during the lecture session.

The output of this assessment should include (1) a detailed report describing all the details involved and (2) an executable software package that could be leveraged to replicate the reported experiments.

Tasks

1. Choose a static analysis tool

There are quite a lot of static analyzers available in the community. Here I just list several well-known examples that the students can choose from. The students can still choose other tools, including tools for other languages.

- Java: FindBugs
- Android: AndroBugs
- C++: RATS, Flawfinder

2. Understanding the selected tool

The students should explore the selected tool in various aspects, attempting to summarise the capabilities provided by the tool. One way to identify such capabilities could be to go through all the input options that the tool provides.

3. Finding target code to analyse
In this step, the students should choose at least one project (or one Android app) to perform their analysis and that project should contain security issues. GitHub is a great source that the students can leverage to find target projects. The following screenshots demonstrate various projects that are mainly written in Java and C++, respectively.

4. Launch the selected analysis tool on the selected repositories (or Android apps)
After selecting the to-be-tested projects, the next step is to launch the selected static tool to analyse the source code of those selected projects.

The students should clearly describe the setup of their experiments, e.g., how the selected tool is launched and what inputs are provided. The students are also expected to justify the complexity of the selected projects. How big are the selected projects? Ideally, the more complex the projects selected (e.g., top 10 Java projects hosted on GitHub), the higher the assessment score will be.

5. Summarize the analysis results of the aforementioned experiments
After launching the static tool on the selected projects, the tool should generate some results, ideally security issues related to the analysed projects. The students should then summarize those results by various means, attempting to represent those results in more understandable ways. Last but not least, the students should also provide some insights that are learned from the experiments and could be useful for other code analysers.

Interesting directions that the students are encouraged to explore:
- Comparing the capability of different static analysers
- Comparing the security issues of different projects
- Comparing the different revisions (GitHub releases, tags) of the same project to understand the evolution of security issues.
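
One way to carry out the summary in step 5 and the revision comparison suggested above, as an added example that is not part of the original assignment: it reads two reports in FindBugs' XML layout (BugCollection / BugInstance / Class), counts security-relevant findings per category and classifies each one as introduced, fixed or persisting. The report contents, the demo.* class names and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed reports for two revisions, trimmed to the elements read below.
# The bug pattern names are FindBugs'; the demo.* classes are made up.
BUG = ('<BugInstance type="{}" priority="{}" category="{}">'
       '<Class classname="{}"/></BugInstance>')

def make_report(rows):
    return "<BugCollection>" + "".join(BUG.format(*r) for r in rows) + "</BugCollection>"

REPORT_V1 = make_report([
    ("SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE", 1, "SECURITY", "demo.UserDao"),
    ("DMI_CONSTANT_DB_PASSWORD", 1, "SECURITY", "demo.Db"),
    ("MS_MUTABLE_ARRAY", 2, "MALICIOUS_CODE", "demo.Config"),
    ("NP_NULL_ON_SOME_PATH", 2, "CORRECTNESS", "demo.Parser"),
])
REPORT_V2 = make_report([
    ("DMI_CONSTANT_DB_PASSWORD", 1, "SECURITY", "demo.Db"),
    ("MS_MUTABLE_ARRAY", 2, "MALICIOUS_CODE", "demo.Config"),
    ("XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER", 1, "SECURITY", "demo.ProfileServlet"),
    ("NP_NULL_ON_SOME_PATH", 2, "CORRECTNESS", "demo.Parser"),
])

SECURITY_CATEGORIES = {"SECURITY", "MALICIOUS_CODE"}

def load_findings(xml_text):
    """Count security-relevant bugs keyed by (category, pattern, class)."""
    findings = Counter()
    for bug in ET.fromstring(xml_text).iter("BugInstance"):
        if bug.get("category") in SECURITY_CATEGORIES:
            cls = bug.find("Class")
            name = cls.get("classname") if cls is not None else "?"
            findings[(bug.get("category"), bug.get("type"), name)] += 1
    return findings

def by_category(findings):
    totals = Counter()
    for (category, _pattern, _cls), count in findings.items():
        totals[category] += count
    return totals

def compare(old, new):
    # Line numbers shift between revisions, so match on pattern + class instead.
    return {"introduced": sorted((new - old).elements()),
            "fixed": sorted((old - new).elements()),
            "persisting": sorted((old & new).elements())}

if __name__ == "__main__":
    old, new = load_findings(REPORT_V1), load_findings(REPORT_V2)
    print(dict(by_category(old)), dict(by_category(new)))
    for status, items in compare(old, new).items():
        for category, pattern, cls in items:
            print(f"{status:10} {category:14} {pattern} in {cls}")
```

Equal category totals in both revisions hide the fact that one finding was fixed and a different one introduced, which is why the per-finding comparison is worth reporting alongside the counts.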


Reviews

len2310134

5/22/2019 4:19:46 AM

80% of the assignment mark will be based on the technique report written by the students. The remaining 20% will be the quality of the replication package, which should contain enough message that your tutors (as well as your classmates) can easily re-do your experiments. The report will be marked based on the following criteria:
1. Understanding the general concept of the selected static analysis tool (20%)
2. Clarity and Complexity of the experimental setup (30%)
3. Quality and depth of explanation of the experiment results (30%)
4. Clarity/correctness of the replication package (20%)

len2310134

5/22/2019 4:19:27 AM

Use FindBugs for Java to analyse two software applications or two different versions of one software application. Write a quality report as per the requirements, step by step. In step 2, you can add some limitations of FindBugs. If you would like to use AndroBugs to analyse two APKs or different versions of one APK, that is fine. Please make sure the report meets the assessment requirements and is completed according to the instructions. Some screenshots could be added in the report to support the analysis.


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd