# Dependability Toolbox - Front-end Walkthrough
The front-end of the Dependability Toolbox is part of the overall SDK4ED Dashboard. It communicates with the back-end, allowing the user to invoke the main functionalities (i.e., web services) that the toolbox provides and to visualize the produced results. To reach the Dependability Toolbox front-end, the user needs to navigate to the SDK4ED Dashboard, which is currently available at the following URL:
http://160.40.52.130:3000/
> **Attention:** This is the main SDK4ED Dashboard that is set up on our server. If the SDK4ED Dashboard has been installed and set up on the local machine, then the user should navigate to the following link instead:
>
> http://<local_IP>:<defined_port>/
After navigating to this URL, the user is presented with a Login Page (see the figure below). A user connecting to the SDK4ED Dashboard for the first time needs to register first, by selecting the "Register" option available under the Login Form. A user who already has an account provides their credentials and clicks the "Login" button.
![DT-0](uploads/c40cea0dec503ee5f355217d3f194adb/DT-0.PNG)
If the credentials are correct, the user is redirected to the *Home Page* of the *SDK4ED Dashboard* (see figure below). To navigate to the Dependability Toolbox front-end, the user clicks the *Dependability* Menu Item at the top right of the page (see the red arrow in the figure below). A drop-down list with two options, "Security" and "Optimal Checkpoints", is then presented. The first option navigates to the "Security" page of the SDK4ED Dashboard, which allows the user to invoke the security-related web services of the Dependability Toolbox. The second option navigates to the "Optimal Checkpoint" page, which allows the user to invoke the reliability-related web service of the Dependability Toolbox, i.e., the service that calculates the optimum checkpoint interval for long loops.
![DT-1](uploads/026827e8bed53330c4492a61f96cce91/DT-1.PNG)
Suppose that the user selects the "Security" option from the drop-down list. Then he/she is navigated to the page presented in the figure below.
![DT-2](uploads/be44e5952c1f3f140b8cf6f5f7a8ff31/DT-2.PNG)
As can be seen in the figure above, the page provides a drop-down list for selecting a software project (the projects displayed in the example are the three projects provided by the use case providers of the SDK4ED Project), and two buttons, namely "Last Analysis" and "New Analysis". Clicking the "Last Analysis" button presents the latest assessment results associated with the selected software project. Clicking the "New Analysis" button performs a new analysis of the selected software application by invoking the *Quantitative Security Assessment* and *Vulnerability Prediction* web services of the Dependability Toolbox back-end (see the [Description](dependability-toolbox-description) and [Usage](dependability-toolbox-usage) Wiki Pages for more information regarding these services). In either case, the assessment results of the selected software application are parsed and presented to the user through different types of visualizations.
Suppose that the user selects the "Holisun" project from the drop-down list and then clicks either on the "Last Analysis" or on the "New Analysis" button. Behind the scenes the appropriate web services are invoked and when the results are ready the page is rendered in order to visualize them. The results of the "Holisun" Project are presented in the following figures.
At the top of the page, the results of the *Quantitative Security Assessment* web service for the "Holisun" project are presented (see the figure below). As can be seen in this figure, the overall *Security Index* of the analyzed application is shown both in numerical and in discrete form (i.e., stars). In addition, two radar charts show the individual scores of the *Security Properties* and *Security Characteristics*.
![DT-3](uploads/b3cdb36d02abb89d9726719182d06392/DT-3.PNG)
Apart from these high-level charts, the same page also provides a detailed table with the specific security issues that were identified through static analysis (and used to calculate the high-level scores presented above). A screenshot of this table, containing the results of the "Holisun" project, is presented below:
![DT-4](uploads/f6c8e988b97716448a723171eba019e6/DT-4.PNG)
The high-level charts give an overview of the broader security level of the analyzed software and pinpoint broad security problems, whereas the detailed table allows developers to identify the exact issues that need to be fixed in order to improve the security of the application. For instance, in HOLISUN's case, as shown in the figures above, the analyzed application receives a relatively high overall security score (i.e., *Security Index*). However, there is room for improvement. A closer look at the radar chart of the *Security Properties* reveals that the service assigns a low score to the *Logging* property. Based on this observation, the developers could organize their refactoring activities by starting from issues that belong to this *Security Property*: through the detailed table, they can narrow their focus to only the static analysis alerts (i.e., security issues) related to *Logging*.
The second part of this page contains the results of the *Vulnerability Prediction* web service. The purpose of the *Vulnerability Prediction* web service is to detect security hotspots, i.e., source code files of a software project that are likely to contain vulnerabilities. Its results are presented both in graphical and in tabular form. As shown in the figure below, the results of the vulnerability prediction are illustrated in the form of a heatmap. It should be noted that the heatmap contains the results of the "Holisun" project.
![DT-5](uploads/bb1b596fe653bacc1c8779b927ee129c/DT-5.PNG)
In this heatmap, each rectangle corresponds to a specific source code file of the analyzed software project, and the color of the rectangle denotes the probability that the corresponding source code file contains vulnerabilities. More specifically, the greener the rectangle (i.e., the darker its shade), the higher the probability that its associated source code file contains vulnerabilities. This visualization is considered very useful for developers and project managers, as it allows them to easily pinpoint the hotspots of the software project, i.e., the source code files that are likely to be vulnerable.
The detailed results of the vulnerability prediction analysis are also provided in the form of a table (see figure below). Each row of the table contains information for a specific source code file of the analyzed software project, including its vulnerability status and its probability of containing vulnerabilities. The table also allows the user to rank the source code files by their probability of containing vulnerabilities. This is expected to facilitate the prioritization of the developers' testing and fortification efforts, by allocating limited test resources to high-risk (i.e., potentially vulnerable) areas. For example, more exhaustive security testing can be applied to the source code files that are more likely to contain vulnerabilities.
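The two prioritization steps described on this page (starting refactoring from the weakest *Security Property* and allocating a limited test budget to the hottest files) can also be done outside the Dashboard, on the raw results. The following Python script is an added example and is not part of the SDK4ED Dashboard or Dependability Toolbox code. The shape of the result records (an `issues` list with a `property` field, a `files` list with `status` and `probability` fields) and the sample data are constructed here for illustration and are assumptions; the actual back-end response format is documented on the [Usage](dependability-toolbox-usage) page. The example goes one step beyond the page by cross-referencing the two services: issues of the weakest property are ordered by the hotspot probability of the file they live in.

```python
"""Prioritise fixes and tests from Dependability Toolbox style results.

Added example, not SDK4ED project code. The record layout below is an
assumption made for illustration, not the real back-end schema.
"""

# Constructed sample: radar-chart scores of the Security Properties.
SAMPLE_PROPERTY_SCORES = {
    "Confidentiality": 0.81,
    "Integrity": 0.77,
    "Availability": 0.84,
    "Logging": 0.32,
}

# Constructed sample resembling rows of the detailed static-analysis table.
SAMPLE_ISSUES = [
    {"file": "src/db/Query.java", "line": 77, "property": "Integrity",
     "description": "Unchecked external input reaches a query"},
    {"file": "src/net/Client.java", "line": 118, "property": "Logging",
     "description": "Credential written to log"},
    {"file": "src/auth/Login.java", "line": 42, "property": "Logging",
     "description": "Exception swallowed without logging"},
    {"file": "src/ui/Menu.java", "line": 9, "property": "Confidentiality",
     "description": "Hard-coded secret"},
]

# Constructed sample resembling rows of the vulnerability prediction table.
SAMPLE_FILES = [
    {"file": "src/auth/Login.java", "status": "vulnerable", "probability": 0.91},
    {"file": "src/net/Client.java", "status": "vulnerable", "probability": 0.72},
    {"file": "src/db/Query.java", "status": "clean", "probability": 0.35},
    {"file": "src/ui/Menu.java", "status": "clean", "probability": 0.08},
]


def weakest_property(scores):
    """Security Property with the lowest radar-chart score (e.g. 'Logging')."""
    return min(scores, key=scores.get)


def rank_hotspots(files):
    """Files ordered from most to least likely to contain vulnerabilities."""
    return sorted(files, key=lambda f: f["probability"], reverse=True)


def select_for_budget(files, budget):
    """The `budget` highest-risk files to receive exhaustive security testing."""
    return rank_hotspots(files)[:budget]


def expected_coverage(files, selected):
    """Share of the total predicted risk that the selected files account for."""
    total = sum(f["probability"] for f in files)
    if total == 0:
        return 0.0
    return sum(f["probability"] for f in selected) / total


def prioritised_issues(issues, files, prop):
    """Issues of one Security Property, hottest file first, then by line."""
    risk = {f["file"]: f["probability"] for f in files}
    subset = [i for i in issues if i["property"] == prop]
    return sorted(subset, key=lambda i: (-risk.get(i["file"], 0.0), i["line"]))


if __name__ == "__main__":
    prop = weakest_property(SAMPLE_PROPERTY_SCORES)
    print(f"Weakest Security Property: {prop}")
    for issue in prioritised_issues(SAMPLE_ISSUES, SAMPLE_FILES, prop):
        print(f"  {issue['file']}:{issue['line']}  {issue['description']}")
    chosen = select_for_budget(SAMPLE_FILES, budget=2)
    share = expected_coverage(SAMPLE_FILES, chosen)
    print(f"Test budget of 2 files covers {share:.0%} of predicted risk:")
    for f in chosen:
        print(f"  {f['file']}  p={f['probability']:.2f}  ({f['status']})")
```

With the constructed data the worklist starts with `src/auth/Login.java`, which is both a *Logging* finding and the hottest file, and two files out of four already account for about 79% of the predicted risk, which is the kind of ranking the table's sort control is meant to support.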
![DT-6](uploads/e57241c975b7c639e1d0fa1eaa1a8c63/DT-6.PNG)