A Comparative Analysis of Veracode Snyk and Checkmarx for Identifying and Mitigating Security Vulnerabilities in Microservice AWS and Azure Platforms

Authors

  • Amarjeet Singh School of Computer Science, University of Petroleum and Energy Studies, Dehradun, India Author
  • Alok Aggarwal School of Computer Science, University of Petroleum and Energy Studies, Dehradun, India Author

Keywords:

Microservice, Cloud Migration, Containerization Distributed Systems, Microservice Security

Abstract

As organizations increasingly adopt microservices architectures for building scalable and resilient applications, ensuring the security of these distributed systems becomes paramount. In this empirical study, we conduct a comprehensive comparative analysis to assess the efficacy of three leading security scanning tools, namely Veracode, Snyk, and Checkmarx, in identifying and remedying security vulnerabilities within microservices applications deployed on the AWS and Azure cloud platforms. 

The study aims to provide nuanced insights into the performance, usability, and integration capabilities of these tools, offering valuable guidance to organizations striving to fortify their microservices-based infrastructures. By meticulously evaluating scanning capabilities, vulnerability detection accuracy, remediation guidance comprehensiveness, CI/CD pipeline integration proficiency, and overall ease of use, our research sheds light on the relative strengths and weaknesses of each tool in the context of modern cloud-native application security. Through meticulously designed experiments utilizing realistic microservices application scenarios encompassing diverse vulnerability types, including injection attacks, authentication bypasses, and insecure configurations, we present a thorough examination of the tools' capabilities and limitations. The findings from our study contribute to the evolving discourse on microservices security, emphasizing the critical importance of selecting appropriate security scanning solutions tailored to the unique requirements and constraints of cloud-based microservices architectures. By leveraging the insights gleaned from our comparative analysis, organizations can make well-informed decisions regarding tool selection and deployment strategies, thereby bolstering the resilience of their microservices ecosystems against an ever-expanding threat landscape.

Downloads

Download data is not yet available.

References

Elkholy, M. .; A. Marzok, M. . Trusted Microservices: A Security Framework for Users’ Interaction With Microservices Applications. JISCR 2022, 5, 135-143.

Yasir Javed, Qasim Ali Arian, Mamdouh Alenezi, SecurityGuard: An Automated Secure Coding Framework, Intelligent Technologies and Applications, 10.1007/978-3-030-71711-7_25, (303-310), (2021).

Pereira-Vale, A., Fernandez, E. B., Monge, R., Astudillo, H., & Márquez, G. (2021). Security in microservice-based systems: A multivocal literature review. Computers & Security, 103, 102200.

V. Singh, A. Singh, A. Aggarwal and S. Aggarwal, "Advantages of using Containerization Approach for Advanced Version Control System," 2022 Fourth International Conference on Emerging Research in Electronics, Computer Science and Technology (ICERECT), Mandya, India, 2022, pp. 1-4, doi: 10.1109/ICERECT56837.2022.10059738.

A. Singh, V. Singh, A. Aggarwal and S. Aggarwal, "Improving Business deliveries using Continuous Integration and Continuous Delivery using Jenkins and an Advanced Version control system for Microservices-based system," 2022 5th International Conference on Multimedia, Signal Processing and Communication Technologies (IMPACT), Aligarh, India, 2022, pp. 1-4, doi: 10.1109/IMPACT55510.2022.10029149.

Schneider, S., Ferreyra, N. E. D., Quéval, P. J., Simhandl, G., Zdun, U., & Scandariato, R. (2024). How Dataflow Diagrams Impact Software Security Analysis: an Empirical Experiment. arXiv preprint arXiv:2401.04446.

A. Singh, V. Singh, A. Aggarwal and S. Aggarwal, "Event Driven Architecture for Message Streaming data driven Microservices systems residing in distributed version control system," 2022 International Conference on Innovations in Science and Technology for Sustainable Development (ICISTSD), Kollam, India, 2022, pp. 308-312, doi: 10.1109/ICISTSD55159.2022.10010390.

T. Yarygina and A. H. Bagge, "Overcoming Security Challenges in Microservice Architectures," 2018 IEEE Symposium on Service-Oriented System Engineering (SOSE), Bamberg, Germany, 2018, pp. 11-20, doi: 10.1109/SOSE.2018.00011.

A. Singh, V. Singh, A. Aggarwal and S. Aggarwal, “Advance Microservices based approach for Distributed version control processing using the sensor-generated data by IoT devices,” Fourth International Conference on Emerging Research in Electronics, Computer Science and Technology (ICERECT- 2022), P. E. S. College of Engineering, Mandya, December 26-27, 2022.

https://www.riverpublishers.com/research_details.php?book_id=1004

V. Singh, A. Singh, A. et al., “Identification of the deployment defects in Micro-service hosted in advanced VCS and deployed on containerized cloud environment,” Int. Conference on Intelligence Systems ICIS-2022, Article No. 28, Uttaranchal University, Dehradun. (https://www.riverpublishers.com/research_details.php?book_id=1004)

V. Singh, A. Singh, A. Aggarwal and S. Aggarwal, "DevOps based migration aspects from Legacy Version Control System to Advanced Distributed VCS for deploying Micro-services," 2021 IEEE International Conference on Computation System and Information Technology for Sustainable Solutions (CSITSS), Bangalore, India, 2021, pp. 1-5, doi: 10.1109/CSITSS54238.2021.9683718.

Kadiyala, S. P., Li, X., Lee, W., & Catlin, A. (2022, September). Securing Microservices Against Password Guess Attacks using Hardware Performance Counters. In 2022 IEEE 35th International System-on-Chip Conference (SOCC) (pp. 1-6). IEEE.

V. Singh, A. Singh, A. Aggarwal and S. Aggarwal, "A digital Transformation Approach for Event Driven Micro-services Architecture residing within Advanced vcs," 2021 International Conference on Disruptive Technologies for Multi-Disciplinary Research and Applications (CENTCON), Bengaluru, India, 2021, pp. 100-105, doi: 10.1109/CENTCON52345.2021.9687973.

Pontarolli, R. P., Bigheti, J. A., de Sá, L. B. R., & Godoy, E. P. (2021, August). Towards Security Mechanisms for an Industrial Microservice-Oriented Architecture. In 2021 14th IEEE International Conference on Industry Applications (INDUSCON) (pp. 679-685). IEEE.

Downloads

Published

30-03-2022

How to Cite

Singh, Amarjeet, and Alok Aggarwal. “A Comparative Analysis of Veracode Snyk and Checkmarx for Identifying and Mitigating Security Vulnerabilities in Microservice AWS and Azure Platforms ”. Asian Journal of Multidisciplinary Research & Review, vol. 3, no. 2, Mar. 2022, pp. 232-44, https://ajmrr.org/journal/article/view/5.

Similar Articles

21-30 of 44

You may also start an advanced similarity search for this article.