rtm

Effectiveness of Static vs Dynamic Code Analysis Tools in Detecting Software Vulnerabilities

This project is a research study comparing static and dynamic code analysis tools — specifically SonarQube and OWASP ZAP — in their ability to detect software vulnerabilities. The evaluation was conducted using the OWASP WebGoat benchmark application and assessed tools across accuracy, false positive rate, vulnerability coverage, OWASP Top 10 detection, and scan speed. The research paper and findings are included in this repository. Course: CSS 410 — Research Tools and Methods | SDU University, 2026 Author: Arystan Sadyr | Student ID: 230107042

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
230107042_Arystan_Sadyr_Final.docx		230107042_Arystan_Sadyr_Final.docx
README.md		README.md
Снимок экрана (13).png		Снимок экрана (13).png
Снимок экрана (14).png		Снимок экрана (14).png
Снимок экрана (15).png		Снимок экрана (15).png
Снимок экрана (16).png		Снимок экрана (16).png
Снимок экрана (17).png		Снимок экрана (17).png

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

rtm

Effectiveness of Static vs Dynamic Code Analysis Tools in Detecting Software Vulnerabilities

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Folders and files

Latest commit

History

Repository files navigation

rtm

Effectiveness of Static vs Dynamic Code Analysis Tools in Detecting Software Vulnerabilities

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Packages