| dc.contributor.author | Ghebrehiwet Ghebremedhin, Abraham | |
| dc.date.accessioned | 2012-10-03T11:19:50Z | |
| dc.date.available | 2012-10-03T11:19:50Z | |
| dc.date.issued | 2012 | |
| dc.identifier.uri | http://hdl.handle.net/11250/137555 | |
| dc.description | Masteroppgave i informasjons- og kommunikasjonsteknologi IKT590 2012 – Universitetet i Agder, Grimstad | no_NO |
| dc.description.abstract | Organizations that implement open source software in their system before they verify the software for
security vulnerabilities are more vulnerable to attacks. Therefore, it is important to discover and fix
vulnerabilities in open source software before their implementation. Nowadays different techniques
exist that help in the vulnerability discovery. The goal of this project is to improve the security of open
source software by discovering various source code vulnerabilities using static source code analysis
technique, and design and architectural vulnerabilities by developing a threat risk model. I conducted a
case study on a remote desktop connection manager application using two static analysis tools and one
threat risk modeling tool. In the case study performed, I found that the static analysis tools discovered
large number of different types of vulnerabilities on the application. I also discovered some design and
architectural vulnerabilities using the threat risk modeling tool. The results obtained from the case
study suggest that it is unsafe to deploy open source software in a system without first verifying it for
vulnerabilities. | no_NO |
| dc.language.iso | eng | no_NO |
| dc.publisher | Universitetet i Agder / University of Agder | no_NO |
| dc.title | Combining static source code analysis and threat assessment modeling for testing open source software security | no_NO |
| dc.type | Master thesis | no_NO |
| dc.source.pagenumber | 121 | no_NO |
