# Software Security Verification and Validation Platform
## Summary/Overview
The purpose of this platform is to help project managers and software engineers monitor and improve the security level of their software applications. This is achieved through the provision of novel models for (i) expressing the security level of software products quantitatively, and (ii) identifying potential security hotspots, i.e., software components that are likely to contain vulnerabilities. In particular, the following models/techniques/mechanisms are provided:
- **Quantitative Security Assessment (QSA):** The purpose of this mechanism is to evaluate the internal security level of a given software product in a quantifiable way. In particular, it employs static analysis to detect issues with potential security impact and aggregates the static-analysis results using state-of-the-art security models to compute high-level measures that reflect important security aspects of the analyzed software (e.g., Confidentiality, Availability, etc.). It also reports the overall security score of the analyzed software, i.e., the Security Index.
- **Vulnerability Prediction (VP):** The purpose of this mechanism is to highlight security hotspots that reside in a given software product, i.e., software components that are likely to contain vulnerabilities. In particular, it is based on machine learning models, which receive as input features extracted from the source code of the analyzed software, either through text mining or static analysis, and decide whether each component is likely to contain a vulnerability or not.
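The QSA item above describes a hierarchical aggregation: static-analysis findings are weighted, attributed to security properties such as Confidentiality and Availability, and rolled up into a single Security Index. The following is an added illustrative example of that shape of model, not the platform's own security model or code: the findings, the KLOC figure, the rule-to-property mapping, the severity and property weights and the density threshold are all constructed assumptions for the example.

```python
"""Illustrative aggregation of static-analysis findings into per-property
security scores and an overall Security Index (added example; the weights,
thresholds and mappings are assumptions, not the platform's model)."""
from collections import defaultdict

# Constructed static-analysis findings: (file, rule id, severity).
FINDINGS = [
    ("auth/login.py", "SQL_INJECTION", "high"),
    ("auth/login.py", "HARDCODED_SECRET", "medium"),
    ("api/upload.py", "PATH_TRAVERSAL", "high"),
    ("api/upload.py", "UNBOUNDED_READ", "medium"),
    ("core/util.py", "WEAK_HASH", "low"),
    ("core/util.py", "WEAK_HASH", "low"),
]
# Constructed size of the analyzed product in thousands of lines of code.
KLOC = 12.5

# Assumed share of each rule's impact on each security property (sums to 1 per rule).
RULE_TO_PROPERTIES = {
    "SQL_INJECTION":    {"Confidentiality": 0.5, "Integrity": 0.5},
    "HARDCODED_SECRET": {"Confidentiality": 1.0},
    "PATH_TRAVERSAL":   {"Confidentiality": 0.6, "Integrity": 0.4},
    "UNBOUNDED_READ":   {"Availability": 1.0},
    "WEAK_HASH":        {"Integrity": 0.7, "Confidentiality": 0.3},
}
SEVERITY_WEIGHT = {"high": 1.0, "medium": 0.5, "low": 0.2}
# Assumed weight of each property in the Security Index (sums to 1).
PROPERTY_WEIGHT = {"Confidentiality": 0.4, "Integrity": 0.35, "Availability": 0.25}
# Assumed weighted-findings-per-KLOC density at which a property scores 0.
WORST_DENSITY = 1.0


def weighted_density(findings, kloc):
    """Severity-weighted findings per KLOC, attributed to each property."""
    if kloc <= 0:
        raise ValueError("kloc must be positive to normalise finding density")
    density = defaultdict(float)
    for _file, rule, severity in findings:
        weight = SEVERITY_WEIGHT[severity]
        for prop, share in RULE_TO_PROPERTIES[rule].items():
            density[prop] += weight * share / kloc
    return dict(density)


def property_scores(findings, kloc):
    """Map each property's density onto [0, 1]; 1.0 means no weighted findings."""
    density = weighted_density(findings, kloc)
    return {
        prop: max(0.0, 1.0 - density.get(prop, 0.0) / WORST_DENSITY)
        for prop in PROPERTY_WEIGHT
    }


def security_index(findings, kloc):
    """Weighted average of the property scores: the overall Security Index."""
    scores = property_scores(findings, kloc)
    return sum(PROPERTY_WEIGHT[prop] * scores[prop] for prop in PROPERTY_WEIGHT)


if __name__ == "__main__":
    for prop, score in property_scores(FINDINGS, KLOC).items():
        print(f"{prop:16s} {score:.4f}")
    print(f"Security Index   {security_index(FINDINGS, KLOC):.4f}")
```

With the constructed input the Confidentiality score is the lowest (two high-severity findings land mostly on it), which is the kind of per-property breakdown that makes the index actionable rather than a single opaque number; the thresholds and weights are exactly what a real model has to calibrate against benchmark data.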
The aforementioned mechanisms (i.e., toolboxes) are available as standalone microservices that can be invoked individually through HTTP requests. A central front-end, i.e., a dashboard, has also been developed; it provides an easy-to-use graphical interface to all the functionalities of the broader platform and a clearer visualization of the analysis results, instead of raw requests and responses.
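The VP item above describes text-mining features fed to a machine learning model that flags likely vulnerable components. The following added example shows one concrete instance of that pipeline, not the platform's own model or training data: token frequencies are extracted from each component's source and a multinomial Naive Bayes classifier, trained on a constructed, hand-labelled corpus, ranks the components of a hypothetical project by their probability of being vulnerable. The corpus, the labels and the component names are all assumptions for the example.

```python
"""Vulnerability prediction from text-mining features (added example).
Token frequencies are extracted from each component's source code and a
multinomial Naive Bayes classifier decides whether the component is likely
to be vulnerable. The training corpus and labels are constructed for the
example; they are not data or a model from the platform."""
import math
import re
from collections import Counter

# Tokens are identifiers, integer literals and single punctuation characters,
# so operators such as "+" (string concatenation) become features as well.
TOKEN_RE = re.compile(r"[A-Za-z_]\w*|\d+|[^\w\s]")


def extract_features(source: str) -> Counter:
    """Text-mining features: frequency of each token in the component."""
    return Counter(TOKEN_RE.findall(source.lower()))


class TokenNaiveBayes:
    """Multinomial Naive Bayes with Laplace smoothing over token counts."""

    def __init__(self):
        self.token_counts = {}       # label -> Counter of token frequencies
        self.token_totals = {}       # label -> total tokens seen for that label
        self.doc_counts = Counter()  # label -> number of training components
        self.vocab = set()

    def fit(self, samples):
        for source, label in samples:
            feats = extract_features(source)
            self.token_counts.setdefault(label, Counter()).update(feats)
            self.token_totals[label] = self.token_totals.get(label, 0) + sum(feats.values())
            self.doc_counts[label] += 1
            self.vocab.update(feats)
        return self

    def predict_proba(self, source):
        """Posterior probability of each label for one component."""
        feats = extract_features(source)
        n_docs = sum(self.doc_counts.values())
        log_post = {}
        for label in self.doc_counts:
            lp = math.log(self.doc_counts[label] / n_docs)       # class prior
            denom = self.token_totals[label] + len(self.vocab)   # Laplace smoothing
            for tok, n in feats.items():
                if tok not in self.vocab:  # unseen tokens carry no evidence
                    continue
                lp += n * math.log((self.token_counts[label][tok] + 1) / denom)
            log_post[label] = lp
        top = max(log_post.values())  # normalise in log space to avoid underflow
        weights = {lbl: math.exp(v - top) for lbl, v in log_post.items()}
        total = sum(weights.values())
        return {lbl: w / total for lbl, w in weights.items()}

    def predict(self, source):
        proba = self.predict_proba(source)
        return max(proba, key=proba.get)


# Constructed training corpus: tiny code components with assumed labels.
TRAINING = [
    ('cursor.execute("SELECT * FROM users WHERE name = \'" + name + "\'")', "vulnerable"),
    ('os.system("ping " + host)', "vulnerable"),
    ('open(base_dir + request.args["file"]).read()', "vulnerable"),
    ('cursor.execute("SELECT * FROM users WHERE name = %s", (name,))', "clean"),
    ('subprocess.run(["ping", "-c", "1", host], check=True)', "clean"),
    ('open(safe_join(base_dir, filename)).read()', "clean"),
]


def build_model():
    return TokenNaiveBayes().fit(TRAINING)


def rank_hotspots(model, components):
    """Return (component name, P(vulnerable)) pairs, most suspicious first."""
    scored = [(name, model.predict_proba(src)["vulnerable"]) for name, src in components.items()]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed components of a hypothetical project to be analysed.
COMPONENTS = {
    "db/delete.py": 'cursor.execute("DELETE FROM t WHERE id = " + user_id)',
    "db/delete_safe.py": 'cursor.execute("DELETE FROM t WHERE id = %s", (user_id,))',
    "ops/cleanup.py": 'os.system("rm -rf " + path)',
}

if __name__ == "__main__":
    model = build_model()
    for name, p_vuln in rank_hotspots(model, COMPONENTS):
        print(f"{name:20s} P(vulnerable)={p_vuln:.2f} -> {model.predict(COMPONENTS[name])}")
```

On this corpus the decisive tokens are `+` (only ever seen in vulnerable samples) and `,` (only in parameterised, clean calls), which is why the two `DELETE` components end up at opposite ends of the ranking despite sharing most of their tokens; a real VP model needs a far larger labelled corpus and should be evaluated on held-out components, since a classifier this small simply memorises surface syntax.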
## Table of Contents

- [Front-end (Dashboard)]()
  - [Description]()
  - [User and Project Management](User-Project-Management)
  - [Installation](Frontend-Installation)
  - [Walkthrough](tutorial)
- [Back-end (Services)]()
  - [Quantitative Security Assessment (QSA)](Technical-Debt-Toolbox)
  - [Vulnerability Prediction (VP)](Energy-Toolbox)