Digital Library Gesellschaft für Informatik e.V.

Deploying static application security testing on a large scale

Authors:
Brucker, Achim; Sodan, Uwe
Abstract
Static Code Analysis (SCA), also called Static Application Security Testing (SAST) when it is used to find vulnerabilities, is an important technique for detecting software vulnerabilities at an early stage of the software development lifecycle. As such, SCA is being adopted by an increasing number of software vendors. The widespread introduction of SCA at a large software vendor such as SAP creates both technical and non-technical challenges. Technical challenges include high false positive and false negative rates. Examples of non-technical challenges are insufficient security awareness among developers and managers, and the integration of SCA into a software development lifecycle that supports agile development. Moreover, software is not developed following a greenfield approach: SAP's security standards need to be passed on to suppliers and partners in the same way that SAP's customers are beginning to pass their security standards on to SAP. In this paper, we briefly present how SAP's Central Code Analysis Team introduced SCA at SAP and discuss open problems in using SCA both inside SAP and across the complete software production line, i.e., including suppliers and partners.
Citation
Brucker, A. & Sodan, U. (2014). Deploying static application security testing on a large scale. In: Katzenbeisser, S., Lotz, V. & Weippl, E. (Eds.), Sicherheit 2014 – Sicherheit, Schutz und Zuverlässigkeit. Bonn: Gesellschaft für Informatik e.V. (pp. 91-101).

BibTeX
@inproceedings{mci/Brucker2014,
  author    = {Brucker, Achim AND Sodan, Uwe},
  title     = {Deploying static application security testing on a large scale},
  booktitle = {Sicherheit 2014 – Sicherheit, Schutz und Zuverlässigkeit},
  year      = {2014},
  editor    = {Katzenbeisser, Stefan AND Lotz, Volkmar AND Weippl, Edgar},
  pages     = {91-101},
  publisher = {Gesellschaft für Informatik e.V.},
  address   = {Bonn}
}
Files
91.pdf (133.1 KB, PDF)

More Info

ISBN: 978-3-88579-622-0
ISSN: 1617-5468
Date: 2014
Language: en
Content Type: Text/Conference Paper
Collections
  • P228 - Sicherheit 2014 - Sicherheit, Schutz und Zuverlässigkeit [38]



About us | FAQ | Help | Imprint | Privacy

Gesellschaft für Informatik e.V. (GI), contact: GI head office
This Digital Library is based on DSpace.