Workshop on Defining the State of the Art in Software Security Tools · 2005 · Peer-reviewed
Web Security · Privacy

Defining a Set of Common Benchmarks for Web Application Security

Benjamin Livshits
Publication year: 2005
Type: Peer-reviewed

Summary

Static analysis tools for detecting security vulnerabilities in web applications need standardized benchmarks to evaluate their precision and recall. We present SecuriBench, a set of benchmark programs and security properties for evaluating the effectiveness of static security analysis tools. The benchmark suite includes 8 Java web applications with known security vulnerabilities and a set of 50 test cases covering injection flaws, information flow violations, and access control issues. We define scoring metrics that account for both false positive and false negative rates, and we evaluate several existing static analysis tools against the benchmark, finding significant variation in precision and recall.

Cite this paper — BibTeX
@InProceedings{securibench05livshits,
  author = "Benjamin Livshits",
  title = "Defining a Set of Common Benchmarks for Web Application Security",
  year = "2005",
  month = aug,
}