Nowadays, with the rapid development of modern technologies in software engineering, active digitalization, and the migration of many services online, ensuring the security of these services in terms of integrity, confidentiality, and availability of information has become more important than ever. The level of application security directly depends on investments made in security during software development. Thus, it is crucial for developers not only to prioritize the implementation of functional requirements but also to actively address non-functional requirements related to application security. Ensuring application security involves utilizing various tools designed to minimize the probability of successful cyber-attacks. Today, numerous such tools exist, including both commercial and open-source solutions. The purpose of this article is to analyze modern tools for automated software security testing, comparing their capabilities, implementation costs, and the complexity of integrating them into the software development lifecycle. Additionally, the article aims to identify the advantages and disadvantages of commercial and open-source solutions, as well as to outline prospective directions for further research aimed at simplifying the integration of free tools into application security assurance practice.