Comparing effectiveness and efficiency of interactive application security testing (IAST) and runtime application self-protection (RASP) tools in a large java-based system
Security resources are scarce, and practitioners need guidance on the effective and efficient use of the techniques and tools available in the cybersecurity industry for detecting and preventing the exploitation of vulnerabilities in software, according to their own requirements. Two emerging tool types, Interactive Application Security Testing (IAST) and Runtime Application Self-Protection (RASP), have not been thoroughly evaluated against well-established counterparts such as Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST). The goal of this research is to aid practitioners in making informed choices about the use of IAST and RASP tools through an analysis of their effectiveness and efficiency in comparison with other vulnerability detection and exploit prevention techniques and tools.

This paper aligns with the ESEM audience as it provides an empirical evaluation of the emerging software security testing techniques and tools IAST and RASP using a large, real-world system and a replicated, validated methodology. The study quantitatively analyzes the effectiveness and efficiency of IAST and RASP, addressing a critical need for data-driven guidance in secure software engineering. Moreover, its contributions in experimental design, measurement, and comparative analysis make it well suited for the ESEM audience interested in security-focused software engineering practices.
Fri 3 Oct (displayed time zone: Hawaii)

14:00 - 15:20 | Software Testing | ESEM - Emerging Results and Vision Track / ESEM - Journal First Track / ESEM - Technical Track | at Kaiulani II | Chair(s): Márcio Ribeiro (Federal University of Alagoas, Brazil)

14:00 | 16m Talk | An Empirical Investigation into Maintenance of Load Testing Scripts | ESEM - Emerging Results and Vision Track | Ibuki Nakamura (Nara Institute of Science and Technology), Kosei Horikawa (Nara Institute of Science and Technology), Brittany Reid (Nara Institute of Science and Technology), Yutaro Kashiwa (Nara Institute of Science and Technology), Hajimu Iida (Nara Institute of Science and Technology)

14:16 | 16m Talk | A Vision for Debiasing Confirmation Bias in Software Testing via LLM | ESEM - Emerging Results and Vision Track | Iflaah Salman (Lappeenranta-Lahti University of Technology (LUT)), Muhammad Waseem (Faculty of Information Technology and Communication Sciences, Tampere University, 33014 Tampere, Finland), Vladimir Mandić (Faculty of Technical Sciences, University of Novi Sad), Rasanjana Dhanushkha De Alwis (Lappeenranta-Lahti University of Technology LUT)

14:32 | 16m Talk | Comparing effectiveness and efficiency of interactive application security testing (IAST) and runtime application self-protection (RASP) tools in a large java-based system | ESEM - Journal First Track | Aishwwarya Seth (Microsoft), Saikath Bhattacharya (Illinois State University), Sarah Elder (UNC-Wilmington), Nusrat Zahan (North Carolina State University), Laurie Williams (North Carolina State University)

14:48 | 16m Talk | Is Diversity a Meaningful Metric in Fairness Testing? | ESEM - Technical Track

15:04 | 16m Talk | Where Tests Fall Short: Empirically Analyzing Oracle Gaps in Covered Code | ESEM - Technical Track | Megan Maton (University of Sheffield), Gregory Kapfhammer (Allegheny College), Phil McMinn (University of Sheffield)