The Use of Application Scanners in Software Product Quality Assessment
Stefan Wagner

TL;DR
This paper explores integrating application scanners into a comprehensive software quality assessment framework using explicit models and Bayesian networks, demonstrated through a case study on open-source web shops.
Contribution
It introduces a novel method combining application scanners with explicit quality models and Bayesian nets for automated software quality assessment.
Findings
Application scanners can be effectively integrated into quality assessment models.
The case study demonstrates the practical applicability of the approach.
Scanners show promising detection capabilities in real-world scenarios.
Abstract
Software development needs continuous quality control for the timely detection and removal of quality problems. This includes frequent quality assessments, which need to be automated as far as possible to be feasible. One way of automating the assessment of software security is the use of application scanners, which test an executing software system for vulnerabilities. At present, common quality assessments do not integrate such scanners to give an overall quality statement. This paper presents an integration of application scanners into a general quality assessment method based on explicit quality models and Bayesian nets. Its applicability and the detection capabilities of common scanners are investigated in a case study with two open-source web shops.
