[Paper] WASC: Static Analysis Technologies Evaluation Criteria v1.0 (SATEC)

The goal of the SATEC (Static Analysis Technologies Evaluation Criteria) project is to create a vendor-neutral set of criteria to help guide application security professionals during the process of acquiring a static code analysis technology that is intended to be used during source-code driven security programs. This document provides a comprehensive list of criteria that should be considered during the evaluation process.

Details:

  • Version 1.0
  • Date: 2013

Target Audience:
The target audience of this document is the technical staff of software organizations who are looking to automate parts of their application security assurance programs using one or more static code analysis technology, as well as application security professionals who are responsible for performing application security reviews. The document will take into consideration those who would be evaluating the technology and those who would actually be using it.

Scope:
The purpose of this document is to develop a set of criteria that should be taken into consideration while evaluating static code analysis tools or services for security testing. The vendor-neutral criteria defined in this document are selected using a consensus-driven review process comprised of volunteer subject matter experts. Every organization is unique and has a unique software development environment, this document aims to help organizations achieve their application security goals through acquiring the most suitable tool for their own unique environment. The document will strictly stay away from evaluating or rating vendors. However, it will focus on the most important aspects of static code analysis technologies that would help the target audience identify the best technology for their environment and development needs.

About Web Application Security Consortium
The Web Application Security Consortium (WASC) is 501c3 non profit made up of an international group of experts, industry practitioners, and organizational representatives who produce open source and widely agreed upon best-practice security standards for the World Wide Web.

More Information: here

 

Download (PDF): Static Analysis Technologies Evaluation Criteria v1.0

MaxiSoler

www.artssec.com @maxisoler
Efficiency of the Vulnerability Response With vFeed Intelligence

Efficiency of the Vulnerability Response With vFeed Intelligence

CVE In The Hook – Monthly Vulnerability Review (March 2020 Issue)

CVE In The Hook – Monthly Vulnerability Review (March 2020 Issue)

Fox Kitten -Iranian Espionage – leveraged 4 CVEs Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs

Fox Kitten -Iranian Espionage – leveraged 4 CVEs Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs

Top 5 Critical CVEs Vulnerability from 2019 That Every CISO Must Patch Before He Gets Fired !

Top 5 Critical CVEs Vulnerability from 2019 That Every CISO Must Patch Before He Gets Fired !

2016 Top Security Tools as Voted by ToolsWatch.org Readers

2016 Top Security Tools as Voted by ToolsWatch.org Readers

ICS/SCADA Top 10 Most Dangerous Software Weaknesses

ICS/SCADA Top 10 Most Dangerous Software Weaknesses