Metric-based Software Security Assessment Model

Allows users to make their code safer by determining potential vulnerabilities using differences in security metrics data based upon security fixes in other software.

Comment

Inspiration

Cyber security software are generally very difficult for casual coders to come across and is very important to consider when creating software. After software engineers created a working version of their code, they need to make it secure from vulnerabilities. This website allows users to numerically compare the metrics of their code to that of secure code taken from open source software. This can give the users an idea of what is needed to be improved upon to make their code more secure.

What it does

The Metric-based Software Security Assessment Model is a website that allows any coders to upload their .java file into the website and generate metrics of that file. This is then compared to the average metrics of 125 java files (obtained from open source software and that are reported to be fixed from bugs) to determine what characteristics of the users code is lacking that makes it vulnerable to bugs. The website will recommend users what aspects of the code should be improved upon so that users can check their code again to make it more security-centric.

How we built it

We learned and used Django to create a dynamic website. In order to host it, we originally we wanted to use a friends server but due to some issues, we had to resort to Google Cloud. We then used HTML, CSS, and JavaScript to create most of the site and used Python to create the metrics algorithm.

Challenges we ran into

Deploying the website to Google Cloud was very difficult because we generally deploy it to a friends server. Most of this was new to us except for HTML and CSS so it was very difficult overall due to the time restraint. The overall logic and finding out how we should calculate everything was difficult to determine within the time limit. Overall, time was the biggest constraint.

Accomplishments that we're proud of

What we learned

Google Cloud, Google Cloud API, Django, Python, HTML5, CSS3, JavaScript

What's next for Metric-based Software Security Assessment Model

We can improve the comparison algorithm because we only compare the user code to the average metrics of the database. This is mainly because we ran out of time. Instead, we could have compared it to each of the files metrics in the database and see which file is most similar. Then compare the metrics of those files to see what improvements are needed.

Share this project:

Updates