A Review on Benchmarking: Comparing the Static Analysis Tools (SATs) in Web Security

Abstract

In this present IOT (Internet of things) era, strong security in a Web application is critical to the success of your online presence. Security importance has grown on a vast scale among Web application. Static analysis tools (SATs) are currently useful tools for developers to explore the vulnerabilities present in the initial source code in a Web application. The aim of the SAT is to improve the effectiveness and usefulness of the source code. There are many SATs are present in this era. However, different tools provide different results according to the complexity of the source code underneath analysis and the application scenario. To compare tool abilities, benchmarking is used on SATs. Benchmarks are used for comparing and accessing different system codes and components. Thus, while reporting the alarm information to the tools, vulnerability missing causes a problem and gives the result as a poor infrastructure of the source code. Benchmark is used to address the limitation of the SATs. However, present benchmarks have strict representative restrictions, disregarding the specificity of the domain, where the tools under the benchmarking will be used. In this paper, benchmark is introduced to compare and access static analysis tools (SATs) in terms of their vulnerability detection capabilities for security. Benchmark uses four real-life development scenarios, including workload with different goals and constraints.