... | ... | @@ -63,7 +63,7 @@ In brief, we want to analyze the security level of the HelloWorldCompiled projec |
|
|
Hence, the following HTTP GET Request needs to be submitted:
|
|
|
|
|
|
```
|
|
|
http://160.40.52.130:8087/DependabilityToolbox/SecurityAssessment?project=https://github.com/siavvasm/HelloWorldJavaCompiled&lang=java&inspection=yes
|
|
|
http://160.40.52.130:8089/DependabilityToolbox/SecurityAssessment?project=https://github.com/siavvasm/HelloWorldJavaCompiled&lang=java&inspection=yes
|
|
|
```
|
|
|
|
|
|
After submitting the request, the Quantitative Security Assessment (QSA) service in invoked and the selected project is analyzed with respect to its Security. In brief, QSA selects the Security Assessment Model for Java, performs static analysis, and aggregates the results according to the model, in order to compute a set of Security Metrics, as well as the overall *Security Index* of the selected project (for more information about the *Security Assessment Model* we refer the reader to the materials that are listed in the References section of the [Dependability Toolbox Description](dependability-toolbox-description) wiki page. After the successful execution of the analysis, a JSON report with the results is produced and sent as a response to the user. The produced JSON for the *HelloWorldCompiled* project is presented below. (It should be noted that for reasons of brevity, although the report provides additional information, this information has been removed from the JSON below, to facilitate its readability)
|
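Review bot: The replaced SecurityAssessment URL still hard-codes the service address (`160.40.52.130`, with the port going from 8087 to 8089) inside the example, so every redeployment needs the same edit in each example on the page. Consider defining the base URL once near the top of the page and writing the examples against a placeholder such as `http://<toolbox-host>:<port>/DependabilityToolbox/SecurityAssessment?...`. The paragraph below the URL is already in view, so the typo "in invoked" and the parenthesis opened at "(for more information" that is never closed could be fixed in the same commit.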
... | ... | @@ -311,7 +311,7 @@ In brief, we want to analyze the HelloWorldCompiled project, with the purpose to |
|
|
Hence, the following HTTP GET Request needs to be submitted:
|
|
|
|
|
|
```
|
|
|
http://160.40.52.130:8087/DependabilityToolbox/VulnerabilityPrediction?project=https://github.com/siavvasm/HelloWorldJavaCompiled&lang=java
|
|
|
http://160.40.52.130:8089/DependabilityToolbox/VulnerabilityPrediction?project=https://github.com/siavvasm/HelloWorldJavaCompiled&lang=java
|
|
|
```
|
|
|
|
|
|
After submitting the request, the *Vulnerability Prediction* service in invoked and the selected project is analyzed. In brief, the service selects the most suitable Deep Learning Model for the selected software project, and perform text mining in order to produce vectors with tokens (i.e., keywords) for each one of the source code files of the project. Subsequently, these vectors are passed as input to the selected Deep Learning Model, which computes the likelihood of vulnerability and classifies the corresponding file as potentially vulnerble or benign (for more information about the *Security Assessment Model* we refer the reader to the materials that are listed in the References section of the [Dependability Toolbox Description](dependability-toolbox-description) wiki page). After the successful execution of the analysis, a JSON report with the results is produced and sent as a response to the user. The produced JSON for the *HelloWorldCompiled* project is presented below:
|
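Review bot: The `project` value in the changed VulnerabilityPrediction URL is a full repository URL pasted unencoded into the query string, and the request goes over plain `http`. It works for this repository, but a repository URL containing `&`, `?` or `#` would be split or truncated, so the example should show the value percent-encoded or say that it must be. If the service on port 8089 offers TLS, the example should use `https`. The context paragraph also refers readers to the *Security Assessment Model* although this section describes Vulnerability Prediction, which looks like a copy-paste leftover, and "vulnerble" is misspelled.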
... | ... | @@ -400,7 +400,7 @@ For better understanding, an example is presented in the following demonstrating |
|
|
Hence, the following HTTP POST Request needs to be submitted:
|
|
|
|
|
|
```
|
|
|
http://160.40.52.130:8087/DependabilityToolbox/OptimalCheckpoint
|
|
|
http://160.40.52.130:8089/DependabilityToolbox/OptimalCheckpoint
|
|
|
```
|
|
|
|
|
|
Having the following JSON Body:
|
... | ... | |
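Review bot: The fenced block for the OptimalCheckpoint request shows only the URL, while the surrounding text says it is a POST with a JSON body; stating the method and the expected `Content-Type` header next to the URL would let a reader reproduce the call without guessing. This is also the third place in the diff where port 8087 becomes 8089, so please search the rest of the page for any remaining references to 8087 before merging.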