Open Source Solutions for Vulnerability Assessment: A Comparative Analysis

Abstract: As software applications continue to become more complex and attractive to cyber-attackers, enhancing resilience against cyber threats becomes essential. Aiming to provide more robust solutions, different approaches were proposed for vulnerability detection in different stages of the application lifecycle. This article explores three main approaches to application security: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). The anal… Show more

“…They find that although both open-source and commercial DAST tools can be effective, no single tool was effective in finding all the vulnerabilities. Cruz et al [28] compare Open-Source SAST, DAST, and Software Composition Analysis (SCA) tools. The authors found combinations of tools were more effective than using one particular tool or approach.…”

Comparing Effectiveness and Efficiency of Interactive Application Security Testing (Iast) and Runtime Application Self-Protection (Rasp) Tools in A Large Java-Based System

“…They find that although both open-source and commercial DAST tools can be effective, no single tool was effective in finding all the vulnerabilities. Cruz et al [28] compare Open-Source SAST, DAST, and Software Composition Analysis (SCA) tools. The authors found combinations of tools were more effective than using one particular tool or approach.…”

Comparing Effectiveness and Efficiency of Interactive Application Security Testing (Iast) and Runtime Application Self-Protection (Rasp) Tools in A Large Java-Based System

DevSec-GPT — Generative-AI (with Custom-Trained Meta's Llama2 LLM), Blockchain, NFT and PBOM Enabled Cloud Native Container Vulnerability Management and Pipeline Verification Platform