Spring Framework Benchmarking Utility for Static Application Security Testing (SAST) Tools

Software developers face several challenges when creating or maintaining applications, security assurance is one of them. To minimise the occurrence of vulnerabilities, developers utilise various solutions including static application security testing (SAST) tools. These tools use different analysis techniques to detect application flaws and support various programming languages, frameworks and third-party libraries. It is important to understand their capabilities. To the authors’ knowledge, researchers have not yet addressed the gap in the benchmarking of SAST tools used with Spring framework. Therefore, this research proposes a benchmarking utility that is designed to assess the performance of Spring framework SAST tools. The study is based on action research and consists of several parts: the analysis of existing Spring framework vulnerabilities, the collection and enhancement of benchmarking strategies from similar tools and the development of the utility using the collected data. The study findings are of interest to SAST providers as they would be able to use the benchmark for the evaluation of the detection capabilities of their SAST solution in Spring environment. Moreover, the utility could be used to provide benchmark for future research to compare other SAST tools. Overall, the research contributes to the IT, cyber security and related research fields.