Static application security testing (English Wikipedia)

Hossain, Shahadat (October 2018). "Rework and Reuse Effects in Software Economy". Global Journal of Computer Science and Technology. 18 (C4): 35–50.

doi.org

Okun, V.; Guthrie, W. F.; Gaucher, H.; Black, P. E. (October 2007). "Effect of static analysis tools on software security: preliminary investigation" (PDF). Proceedings of the 2007 ACM Workshop on Quality of Protection. ACM: 1–5. doi:10.1145/1314257.1314260. S2CID 6663970.
Ayewah, N.; Hovemeyer, D.; Morgenthaler, J.D.; Penix, J.; Pugh, W. (September 2008). "Using static analysis to find bugs". IEEE Software. 25 (5). IEEE: 22–29. doi:10.1109/MS.2008.130. S2CID 20646690.
Parizi, R. M.; Qian, K.; Shahriar, H.; Wu, F.; Tao, L. (July 2018). "Benchmark Requirements for Assessing Software Security Vulnerability Testing Tools". 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC). IEEE. pp. 825–826. doi:10.1109/COMPSAC.2018.00139. ISBN 978-1-5386-2666-5. S2CID 52055661.
Chess, B.; McGraw, G. (December 2004). "Static analysis for security". IEEE Security & Privacy. 2 (6). IEEE: 76–79. doi:10.1109/MSP.2004.111.
Chess, B.; McGraw, G. (October 2004). "Risk Analysis in Software Design". IEEE Security & Privacy. 2 (4). IEEE: 76–84. doi:10.1109/MSP.2004.55.
Yamaguchi, Fabian; Lottmann, Markus; Rieck, Konrad (December 2012). "Generalized vulnerability extrapolation using abstract syntax trees". Proceedings of the 28th Annual Computer Security Applications Conference. Vol. 2. IEEE. pp. 359–368. doi:10.1145/2420950.2421003. ISBN 9781450313124. S2CID 8970125.
Booch, Grady; Kozaczynski, Wojtek (September 1998). "Component-Based Software Engineering". IEEE Software. 15 (5): 34–36. doi:10.1109/MS.1998.714621. S2CID 33646593.
Mezo, Peter; Jain, Radhika (December 2006). "Agile Software Development: Adaptive Systems Principles and Best Practices". Information Systems Management. 23 (3): 19–30. doi:10.1201/1078.10580530/46108.23.3.20060601/93704.3. S2CID 5087532.
Jovanovic, N.; Kruegel, C.; Kirda, E. (May 2006). "Pixy: A static analysis tool for detecting Web application vulnerabilities". 2006 IEEE Symposium on Security and Privacy (S&P'06). IEEE. pp. 359–368. doi:10.1109/SP.2006.29. ISBN 0-7695-2574-1. S2CID 1042585.
Xianyong, Meng; Qian, Kai; Lo, Dan; Bhattacharya, Prabir; Wu, Fan (June 2018). "Secure Mobile Software Development with Vulnerability Detectors in Static Code Analysis". 2018 International Symposium on Networks, Computers and Communications (ISNCC). pp. 1–4. doi:10.1109/ISNCC.2018.8531071. ISBN 978-1-5386-3779-1. S2CID 53288239.
Okun, V.; Guthrie, W. F.; Gaucher, H.; Black, P. E. (October 2007). "Effect of static analysis tools on software security: preliminary investigation" (PDF). Proceedings of the 2007 ACM Workshop on Quality of Protection. ACM: 1–5. doi:10.1145/1314257.1314260. S2CID 6663970.
Siavvas, M.; Tsoukalas, D.; Janković, M.; Kehagias, D.; Chatzigeorgiou, A.; Tzovaras, D.; Aničić, N.; Gelenbe, E. (August 2019). "An Empirical Evaluation of the Relationship between Technical Debt and Software Security". In Konjović, Z.; Zdravković, M.; Trajanović, M. (eds.). International Conference on Information Society and Technology 2019 Proceedings (Data set). Vol. 1. pp. 199–203. doi:10.5281/zenodo.3374712.
Tahaei, Mohammad; Vaniea, Kami; Beznosov, Konstantin (Kosta); Wolters, Maria K (6 May 2021). Security Notifications in Static Analysis Tools: Developers' Attitudes, Comprehension, and Ability to Act on Them. pp. 1–17. doi:10.1145/3411764.3445616. ISBN 9781450380966. S2CID 233987670.
Arreaza, Gustavo Jose Nieves (June 2019). "Methodology for Developing Secure Apps in the Clouds. (MDSAC) for IEEECS Confererences". 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). IEEE. pp. 102–106. doi:10.1109/CSCloud/EdgeCom.2019.00-11. ISBN 978-1-7281-1661-7. S2CID 203655645.

ed.ac.uk

research.ed.ac.uk

Tahaei, Mohammad; Vaniea, Kami; Beznosov, Konstantin (Kosta); Wolters, Maria K (6 May 2021). Security Notifications in Static Analysis Tools: Developers' Attitudes, Comprehension, and Ability to Act on Them. pp. 1–17. doi:10.1145/3411764.3445616. ISBN 9781450380966. S2CID 233987670.

nist.gov

samate.nist.gov

Okun, V.; Guthrie, W. F.; Gaucher, H.; Black, P. E. (October 2007). "Effect of static analysis tools on software security: preliminary investigation" (PDF). Proceedings of the 2007 ACM Workshop on Quality of Protection. ACM: 1–5. doi:10.1145/1314257.1314260. S2CID 6663970.
Okun, V.; Guthrie, W. F.; Gaucher, H.; Black, P. E. (October 2007). "Effect of static analysis tools on software security: preliminary investigation" (PDF). Proceedings of the 2007 ACM Workshop on Quality of Protection. ACM: 1–5. doi:10.1145/1314257.1314260. S2CID 6663970.

privacyrights.org

"Data Breaches | Privacy Rights Clearinghouse". privacyrights.org.

securityinfowatch.com

"Clearswift report: 40 percent of firms expect a data breach in the Next Year". Endeavor Business Media. 20 November 2015. Retrieved 8 January 2024.

semanticscholar.org

api.semanticscholar.org

Okun, V.; Guthrie, W. F.; Gaucher, H.; Black, P. E. (October 2007). "Effect of static analysis tools on software security: preliminary investigation" (PDF). Proceedings of the 2007 ACM Workshop on Quality of Protection. ACM: 1–5. doi:10.1145/1314257.1314260. S2CID 6663970.
Ayewah, N.; Hovemeyer, D.; Morgenthaler, J.D.; Penix, J.; Pugh, W. (September 2008). "Using static analysis to find bugs". IEEE Software. 25 (5). IEEE: 22–29. doi:10.1109/MS.2008.130. S2CID 20646690.
Parizi, R. M.; Qian, K.; Shahriar, H.; Wu, F.; Tao, L. (July 2018). "Benchmark Requirements for Assessing Software Security Vulnerability Testing Tools". 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC). IEEE. pp. 825–826. doi:10.1109/COMPSAC.2018.00139. ISBN 978-1-5386-2666-5. S2CID 52055661.
Yamaguchi, Fabian; Lottmann, Markus; Rieck, Konrad (December 2012). "Generalized vulnerability extrapolation using abstract syntax trees". Proceedings of the 28th Annual Computer Security Applications Conference. Vol. 2. IEEE. pp. 359–368. doi:10.1145/2420950.2421003. ISBN 9781450313124. S2CID 8970125.
Booch, Grady; Kozaczynski, Wojtek (September 1998). "Component-Based Software Engineering". IEEE Software. 15 (5): 34–36. doi:10.1109/MS.1998.714621. S2CID 33646593.
Mezo, Peter; Jain, Radhika (December 2006). "Agile Software Development: Adaptive Systems Principles and Best Practices". Information Systems Management. 23 (3): 19–30. doi:10.1201/1078.10580530/46108.23.3.20060601/93704.3. S2CID 5087532.
Jovanovic, N.; Kruegel, C.; Kirda, E. (May 2006). "Pixy: A static analysis tool for detecting Web application vulnerabilities". 2006 IEEE Symposium on Security and Privacy (S&P'06). IEEE. pp. 359–368. doi:10.1109/SP.2006.29. ISBN 0-7695-2574-1. S2CID 1042585.
Xianyong, Meng; Qian, Kai; Lo, Dan; Bhattacharya, Prabir; Wu, Fan (June 2018). "Secure Mobile Software Development with Vulnerability Detectors in Static Code Analysis". 2018 International Symposium on Networks, Computers and Communications (ISNCC). pp. 1–4. doi:10.1109/ISNCC.2018.8531071. ISBN 978-1-5386-3779-1. S2CID 53288239.
Okun, V.; Guthrie, W. F.; Gaucher, H.; Black, P. E. (October 2007). "Effect of static analysis tools on software security: preliminary investigation" (PDF). Proceedings of the 2007 ACM Workshop on Quality of Protection. ACM: 1–5. doi:10.1145/1314257.1314260. S2CID 6663970.
Tahaei, Mohammad; Vaniea, Kami; Beznosov, Konstantin (Kosta); Wolters, Maria K (6 May 2021). Security Notifications in Static Analysis Tools: Developers' Attitudes, Comprehension, and Ability to Act on Them. pp. 1–17. doi:10.1145/3411764.3445616. ISBN 9781450380966. S2CID 233987670.
Arreaza, Gustavo Jose Nieves (June 2019). "Methodology for Developing Secure Apps in the Clouds. (MDSAC) for IEEECS Confererences". 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). IEEE. pp. 102–106. doi:10.1109/CSCloud/EdgeCom.2019.00-11. ISBN 978-1-7281-1661-7. S2CID 203655645.

verizon.com

"2016 Data Breach Investigations Report" (PDF). Verizon. 2016. Retrieved 8 January 2016.