(UPI) Chapter 12: Threat Detection and Defense Techniques Course (How To)

About this Course

In this chapter, the discussion centers on advanced threat detection and defense techniques for web applications, with an emphasis on integrating and benchmarking various security analysis tools. The chapter reviews existing research on static, dynamic, and interactive analysis tools (SAST, DAST, and IAST), proposes a novel methodology for combining these tools to enhance vulnerability detection while reducing false positives, and provides practical insights and rankings based on a comprehensive evaluation using the OWASP Benchmark project.

Syllabus

Background and Related Work

This section presents the background on web technologies security, benchmarking initiatives, security analysis tools, as well as a review and analysis of different security analysis tools combination results in previous comparisons.

Chevron 5 steps

instruction
12.1. Introduction
instruction
12.2.1. Web Applications Security
instruction
12.2.2. Analysis Security Testing
instruction
12.2.3. Related Work
Quiz 12.2

5 questions

12.3. Method Proposal to Analyze AST n-Tools Combinations

In this stage, the chapter presents a detailed methodology for selecting, combining, and benchmarking SAST, DAST, and IAST tools using the OWASP Benchmark project. It describes the process of tool selection, metric definition, and automated metrics calculation to rank tool combinations based on their effectiveness in detecting vulnerabilities across web applications of varying criticality.

Chevron 6 steps