Digitala Vetenskapliga Arkivet

ASSESSMENT OF ROSLYN ANALYZERS FOR VISUAL STUDIO
Umeå University, Faculty of Science and Technology, Department of Computing Science.
2019 (English). Independent thesis, Basic level (degree of Bachelor), 10 credits / 15 HE credits. Student thesis.
Abstract [en]

Software security is an ever-growing subject that is getting more important as we embed more software into our daily lives. We want to protect our personal information and keep our privacy intact. Since our software systems are getting more complex as well, software developers need support in the form of tools that can help them keep the software free from vulnerabilities. There are many such tools available, but the focus of this study is investigating the performance of the fairly new Roslyn analyzers for security that can be embedded into Visual Studio. Since Roslyn analyzers for security are, at the time of writing (June 2019), not the subject of any published studies, the goal is to lay a foundation for future work regarding these types of tools. Therefore three Roslyn analyzers for security are compared, on C# source code provided by the SAMATE project, both with each other and against classic static analysis tools. Four vulnerability categories from the SAMATE test suite for C# are used to investigate the analyzers, namely OS command injection (CWE-078), SQL injection (CWE-089), XML injection (CWE-091) and cryptographic algorithms (CWE-327). The performance of the analyzers is measured with the metrics recall, precision and F-measure, which are commonly used in other similar studies and make it possible to compare the results obtained within this study with the results of other studies within the field.

The results of this study are inconclusive, as the chosen scope turns out to be too narrow. Two of the analyzers generate no warnings for two or more of the vulnerability categories, which makes it impossible to compare them with each other in a reasonable fashion. Even comparing the analyzers with classic static analysis tools is of little value, since only one Roslyn analyzer remains, which says little about the general performance of these analyzers. The study reveals the necessity of a more complete and controlled test suite for evaluating security tools on source code written in C#.
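The abstract names the metrics (recall, precision, F-measure) and the failure mode that made the comparison collapse: analyzers that emit no warnings at all for a category. The following is an added example, not code or data from the thesis, showing how those metrics are computed per CWE category against a SAMATE-style labelled suite of "bad" and "good" case pairs, and why a silent analyzer has to be treated as "undefined" rather than scored 0. The suite, the case ids and the two analyzers ("A" and "B") are constructed for illustration.

```python
"""Precision / recall / F-measure of a static analyzer scored against a
SAMATE-style labelled C# test suite, per CWE category.

Added example with constructed data; not the thesis's own tooling or results."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class TestCase:
    case_id: str      # hypothetical id, e.g. "CWE078_bad_01"
    cwe: str          # category the case exercises, e.g. "CWE-078"
    vulnerable: bool  # True for a "bad" variant, False for its "good" counterpart


@dataclass(frozen=True)
class Warning:
    case_id: str  # file/case the analyzer flagged
    cwe: str      # CWE the analyzer's rule maps to


# Constructed miniature suite: two bad and two good cases per category.
SUITE: List[TestCase] = [
    TestCase(f"{cwe.replace('-', '')}_{kind}_{n:02d}", cwe, kind == "bad")
    for cwe in ("CWE-078", "CWE-089", "CWE-091", "CWE-327")
    for kind in ("bad", "good")
    for n in (1, 2)
]

# Constructed output of two hypothetical analyzers. Analyzer B is silent on
# CWE-091 and CWE-327, the situation the abstract describes.
ANALYZER_A: List[Warning] = [
    Warning("CWE078_bad_01", "CWE-078"), Warning("CWE078_bad_02", "CWE-078"),
    Warning("CWE078_good_01", "CWE-078"),                     # false positive
    Warning("CWE089_bad_01", "CWE-089"),                      # misses bad_02
    Warning("CWE091_bad_01", "CWE-091"), Warning("CWE091_bad_02", "CWE-091"),
    Warning("CWE327_bad_01", "CWE-327"), Warning("CWE327_good_01", "CWE-327"),
]
ANALYZER_B: List[Warning] = [
    Warning("CWE078_bad_01", "CWE-078"),
    Warning("CWE089_bad_01", "CWE-089"), Warning("CWE089_bad_02", "CWE-089"),
    Warning("CWE089_good_02", "CWE-089"),                     # false positive
]


def score(suite: Iterable[TestCase], warnings: Iterable[Warning]) -> Dict[str, dict]:
    """Per-category TP/FP/FN plus precision, recall and F-measure.

    A warning counts only if its CWE matches the category of the case it
    landed on; a CWE-078 warning on a CWE-089 case is neither TP nor FP here.
    Precision is None when the analyzer emitted no warning in the category
    (0/0), and F-measure is None whenever either input is undefined or both
    are zero. None rather than 0.0 keeps "silent" distinguishable from "wrong".
    """
    suite = list(suite)
    flagged = defaultdict(set)
    for w in warnings:
        flagged[w.cwe].add(w.case_id)
    results: Dict[str, dict] = {}
    for cwe in sorted({tc.cwe for tc in suite}):
        cases = [tc for tc in suite if tc.cwe == cwe]
        tp = sum(tc.vulnerable and tc.case_id in flagged[cwe] for tc in cases)
        fp = sum((not tc.vulnerable) and tc.case_id in flagged[cwe] for tc in cases)
        fn = sum(tc.vulnerable and tc.case_id not in flagged[cwe] for tc in cases)
        precision: Optional[float] = tp / (tp + fp) if tp + fp else None
        recall: Optional[float] = tp / (tp + fn) if tp + fn else None
        if precision is None or recall is None or precision + recall == 0:
            f_measure: Optional[float] = None
        else:
            f_measure = 2 * precision * recall / (precision + recall)
        results[cwe] = {"tp": tp, "fp": fp, "fn": fn,
                        "precision": precision, "recall": recall, "f_measure": f_measure}
    return results


def comparable_categories(*scored: Dict[str, dict]) -> List[str]:
    """Categories in which every analyzer emitted at least one warning, i.e.
    precision is defined for all of them and a head-to-head comparison is
    meaningful. Silent categories are excluded instead of scored as zero."""
    common = None
    for r in scored:
        defined = {cwe for cwe, m in r.items() if m["precision"] is not None}
        common = defined if common is None else common & defined
    return sorted(common or [])


def report(name: str, scored: Dict[str, dict]) -> str:
    """Plain-text table of the per-category metrics."""
    def fmt(v: Optional[float]) -> str:
        return "n/a" if v is None else f"{v:.2f}"
    return "\n".join(
        f"{name} {cwe}: TP={m['tp']} FP={m['fp']} FN={m['fn']} "
        f"P={fmt(m['precision'])} R={fmt(m['recall'])} F={fmt(m['f_measure'])}"
        for cwe, m in scored.items())


if __name__ == "__main__":
    a, b = score(SUITE, ANALYZER_A), score(SUITE, ANALYZER_B)
    print(report("A", a))
    print(report("B", b))
    print("comparable on:", comparable_categories(a, b))
```

With the constructed data, analyzer A is scored in all four categories while B has undefined precision for CWE-091 and CWE-327, so the only categories on which the two can be compared head-to-head are CWE-078 and CWE-089. Reporting a silent category as precision 0 would instead make B look like it produced nothing but false positives, which is the opposite of what happened.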

Place, publisher, year, edition, pages
2019, p. 29
Series
UMNAD ; 1190
National Category
Engineering and Technology
Identifiers
URN: urn:nbn:se:umu:diva-163370
OAI: oai:DiVA.org:umu-163370
DiVA id: diva2:1351980
External cooperation
Region Västerbotten
Educational program
Bachelor of Science Programme in Computing Science
Available from: 2019-09-17. Created: 2019-09-17. Last updated: 2019-09-17. Bibliographically approved.

Open Access in DiVA

Full text (563 kB), 532 downloads
File information
File name: FULLTEXT01.pdf
File size: 563 kB
Checksum (SHA-512): 1c520154523dcda5445ebecc76e1bfbff19fbf972c07db2c4acd63cab2bfaa0e63748b06d42cded8aad007e3c1de0f27629ea304b7373122289632debf8c5bfd
Type: fulltext
Mimetype: application/pdf

By organisation
Department of Computing Science
Engineering and Technology
