Sarah Elder

Works (6)

Updated: February 26th, 2025 05:02

2025 journal article

Comparing effectiveness and efficiency of Interactive Application Security Testing (IAST) and Runtime Application Self-Protection (RASP) tools in a large java-based system

EMPIRICAL SOFTWARE ENGINEERING, 30(3).

By: A. Seth, S. Bhattacharya, S. Elder*, N. Zahan* & L. Williams*

author keywords: Vulnerability management; Web application security; Security analysis tools; Vulnerability scanners; Interactive application security testing; Runtime application self-protection
Sources: Web Of Science, NC State University Libraries
Added: February 24, 2025

2024 journal article

A Survey on Software Vulnerability Exploitability Assessment

ACM COMPUTING SURVEYS, 56(8).

By: S. Elder n, M. Rahman n, G. Fringer n, K. Kapoor n & L. Williams n

author keywords: Exploitability; software vulnerability
Source: Web Of Science
Added: June 11, 2024

2022 journal article

Do I really need all this work to find vulnerabilities? An empirical case study comparing vulnerability detection techniques on a Java application

EMPIRICAL SOFTWARE ENGINEERING, 27(6).

By: S. Elder n, N. Zahan n, R. Shu n, M. Metro n, V. Kozarev n, T. Menzies n, L. Williams n

author keywords: Vulnerability Management; Web Application Security; Penetration Testing; Vulnerability Scanners
TL;DR: The goal of this research is to assist managers and other decision-makers in making informed choices about the use of software vulnerability detection techniques through an empirical study of the efficiency and effectiveness of four techniques on a Java-based web application. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 22, 2022

2021 article

Structuring a Comprehensive Software Security Course Around the OWASP Application Security Verification Standard

2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: JOINT TRACK ON SOFTWARE ENGINEERING EDUCATION AND TRAINING (ICSE-JSEET 2021), pp. 95–104.

By: S. Elder n, N. Zahan n, V. Kozarev n, R. Shu n, T. Menzies n & L. Williams n

author keywords: Security and Protection; Computer and Information Science Education; Industry-Standards
TL;DR: A theme of the course assignments was to map vulnerability discovery to the security controls of the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS), and this mapping may have increased students' depth of understanding of a wider range of security topics. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: November 1, 2021

2021 article

Vulnerability Detection is Just the Beginning

2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: COMPANION PROCEEDINGS (ICSE-COMPANION 2021), pp. 304–308.

By: S. Elder n

author keywords: Security Management; Computer Security; Software Testing
TL;DR: This research examines the relationships between the vulnerability detection technique used to find a vulnerability, the type of vulnerability found, the exploitability of the vulnerability, and the effort needed to fix a vulnerability on two projects where all vulnerabilities found have been fixed. (via Semantic Scholar)
Source: Web Of Science
Added: November 1, 2021

2016 conference paper

systematically developing prevention, detection, and response patterns for security requirements

2016 IEEE 24th International Requirements Engineering Conference Workshops (REW), 62–67.

Maria Riaz; Sarah Elder; Laurie Williams

Source: NC State University Libraries
Added: August 6, 2018

Citation Index includes data from a number of different sources. If you have questions about the sources of data in the Citation Index or need a set of data which is free to re-distribute, please contact us.

Certain data included herein are derived from the Web of Science© and InCites© (2025) of Clarivate Analytics. All rights reserved. You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.