ePrints.FRI - University of Ljubljana, Faculty of Computer and Information Science

Static source code analysis in agile development methodologies

Bisera Milosheska (2016) Static source code analysis in agile development methodologies. MSc thesis.


    Abstract

    This study investigates static code analysis for security auditing in an industrial, agile setting. The case study is Telenor Digital, located in Norway. The study aims to understand the challenges of introducing a static code analysis tool from the agile developers' perspective. Candidate static code analysis tools were evaluated on a benchmark security test suite (the NIST Juliet Test Suite) so that the choice of tool could be made on the basis of measured true positive rate and discrimination rate. Lastly, a post-evaluation of the tool deployed at Telenor was performed. The results shed light on the challenges of introducing a static code analysis tool for security auditing in an agile setting. The findings also identify the most important factors in adopting a particular tool, the trade-offs teams are willing to make to adopt such a tool, and the metrics relevant to tool evaluation in support of adoption.
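    The abstract compares tools by true positive rate and discrimination rate on the Juliet suite. The following is an added example (not code from the thesis or from Telenor) showing how those two metrics are computed from raw tool output in the NIST/CAS convention, where every Juliet test case has a "bad" variant containing the flaw and a "good" variant without it. The test case names, the three tool reports and the `<case>/<bad|good>.c:<line>: <message>` report format are all constructed for the illustration; the point it makes is that a tool flagging every sink scores a perfect true positive rate but a discrimination rate of zero.

```python
"""Scoring static analysis tools on a Juliet-style benchmark.

Each Juliet test case ships a "bad" function that contains the flaw and
"good" functions with the flaw removed. The NIST/CAS metrics used to
compare tools are therefore per test case, not per finding:
  true positive rate  = cases whose bad code was flagged / all cases
  false positive rate = cases whose good code was flagged / all cases
  discrimination rate = cases whose bad code was flagged AND whose good
                        code was NOT flagged / all cases
Discrimination is what separates a precise tool from one that simply
flags every function that touches a sink.
"""
import re
from collections import defaultdict

# Constructed test cases (name, CWE). Names follow the Juliet naming
# pattern but are illustrative, not the real suite's contents.
CASES = [
    ("CWE89_SQL_Injection__connect_tcp_execute_01", 89),
    ("CWE89_SQL_Injection__connect_tcp_execute_02", 89),
    ("CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_01", 121),
    ("CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_02", 121),
    ("CWE78_OS_Command_Injection__char_console_execl_01", 78),
    ("CWE78_OS_Command_Injection__char_console_execl_02", 78),
]

# Constructed tool output, one finding per line in the form
#   <case directory>/<bad|good>.c:<line>: <message>
# "tool_noisy" is synthesised to flag every bad *and* every good variant.
REPORTS = {
    "tool_precise": """\
CWE89_SQL_Injection__connect_tcp_execute_01/bad.c:41: tainted data reaches SQL query
CWE89_SQL_Injection__connect_tcp_execute_02/bad.c:44: tainted data reaches SQL query
CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_01/bad.c:30: index may exceed array bound
CWE78_OS_Command_Injection__char_console_execl_01/bad.c:52: tainted data reaches execl
""",
    "tool_mixed": """\
CWE89_SQL_Injection__connect_tcp_execute_01/bad.c:41: possible SQL injection
CWE89_SQL_Injection__connect_tcp_execute_01/good.c:41: possible SQL injection
CWE89_SQL_Injection__connect_tcp_execute_02/bad.c:44: possible SQL injection
CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_01/bad.c:30: possible out-of-bounds write
CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_01/good.c:33: possible out-of-bounds write
CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_02/bad.c:30: possible out-of-bounds write
CWE78_OS_Command_Injection__char_console_execl_01/bad.c:52: possible command injection
""",
    "tool_noisy": "\n".join(
        f"{name}/{variant}.c:1: sink reached"
        for name, _ in CASES
        for variant in ("bad", "good")
    ),
}

FINDING_RE = re.compile(r"^(?P<case>[^/\s]+)/(?P<variant>bad|good)\.c:\d+:")


def parse_report(text):
    """Map raw findings onto (case, variant) pairs. Duplicates collapse:
    a flagged function counts once no matter how many findings a tool
    emits for it, which keeps verbose tools from inflating their score."""
    flagged = set()
    for line in text.splitlines():
        m = FINDING_RE.match(line)
        if m:
            flagged.add((m["case"], m["variant"]))
    return flagged


def score(cases, flagged):
    """Per-case TPR, FPR and discrimination rate over the given cases."""
    n = len(cases)
    tp = fp = disc = 0
    for name, _ in cases:
        bad_hit = (name, "bad") in flagged
        good_hit = (name, "good") in flagged
        tp += bad_hit
        fp += good_hit
        disc += bad_hit and not good_hit
    return {"tpr": tp / n, "fpr": fp / n, "disc": disc / n}


def score_by_cwe(cases, flagged):
    """Same metrics broken out per CWE, which shows where a tool is weak."""
    groups = defaultdict(list)
    for case in cases:
        groups[case[1]].append(case)
    return {cwe: score(group, flagged) for cwe, group in groups.items()}


def rank_tools(cases, reports):
    """Rank tools by discrimination rate, then TPR, then lower FPR."""
    results = {tool: score(cases, parse_report(text)) for tool, text in reports.items()}
    return sorted(
        results.items(),
        key=lambda kv: (kv[1]["disc"], kv[1]["tpr"], -kv[1]["fpr"]),
        reverse=True,
    )


if __name__ == "__main__":
    for tool, metrics in rank_tools(CASES, REPORTS):
        print(f"{tool:13s} TPR={metrics['tpr']:.2f} FPR={metrics['fpr']:.2f} "
              f"discrimination={metrics['disc']:.2f}")
```

    Run as a script it prints the three constructed tools in the order precise, mixed, noisy. Ranking on discrimination first is deliberate: true positive rate alone would put the noisy tool in first place, which is exactly the trap the abstract's two-metric comparison is designed to avoid. The per-CWE breakdown is what a team would look at next, since a tool that discriminates well on injection flaws but not on buffer overflows may still be the right choice for a Java or web code base.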

    Item Type: Thesis (MSc thesis)
    Keywords: security in agile methodologies, static analysis for security testing, independent evaluation of static analysis tools
    Number of Pages: 118
    Language of Content: English
    Mentor / Comentors: prof. dr. Viljan Mahnič (ID 241), Mentor
    Link to COBISS: http://www.cobiss.si/scripts/cobiss?command=search&base=51012&select=(ID=1537345219)
    Institution: University of Ljubljana
    Department: Faculty of Computer and Information Science
    Item ID: 3684
    Date Deposited: 02 Feb 2017 10:07
    Last Modified: 03 Feb 2017 08:27
    URI: http://eprints.fri.uni-lj.si/id/eprint/3684
