
Development Of a System For Processing The Results Of Static Code Analysis and Fuzzing Testing Of Web Applications To Reduce False Positives

Student: Yakimov Denis

Supervisor: Maxim Shubin

Faculty: HSE Tikhonov Moscow Institute of Electronics and Mathematics (MIEM HSE)

Educational Programme: Cyber Security (Specialist)

Year of Graduation: 2021

The main goal of this graduation work is to develop a tool that increases the accuracy of the results produced by web application scanning tools and static code analyzers. The work surveys web application scanning tools (OWASP ZAP, Arachni), static code analyzers (Bandit, Semgrep, FindSecBugs), and the mechanisms for routing web application traffic in the Django and Flask (Python), Spring (Java), and Gorilla Mux and Gin (Golang) frameworks. An algorithm is proposed that improves the results of searching for vulnerabilities by bringing the results from different classes of tools (static and dynamic analysis) into a single form of representation. A prototype of a tool for testing the algorithm on a code base has also been developed. The developed tool can be used to improve the efficiency of searching for vulnerabilities in web applications.

Student Theses at HSE must be completed in accordance with the University Rules and regulations specified by each educational programme.

Summaries of all theses must be published and made freely available on the HSE website.

The full text of a thesis can be published in open access on the HSE website only if the authoring student (copyright holder) agrees, or, if the thesis was written by a team of students, if all the co-authors (copyright holders) agree. After a thesis is published on the HSE website, it obtains the status of an online publication.

Student theses are objects of copyright and their use is subject to limitations in accordance with the Russian Federation’s law on intellectual property.

In the event that a thesis is quoted or otherwise used, reference to the author’s name and the source of quotation is required.
