SAMATE Tool Survey

Classes of Tools & Techniques 

Below is a list of software security assurance tool classes, classified according to our tool taxonomy. Each class is placed by the lifecycle process it supports, its level of automation (0 to 3), its approach (Preclude, Detect, Mitigate, or React), and its viewpoint (Int = from inside the software, Ext = from outside it). Classes in the first group have web pages with comments or notes about the class; those in the second group do not yet have web pages.

| Class | Process | Automation | Approach | Viewpoint |
|---|---|---|---|---|
| Assurance Case Tools | SWE manage | 1 | Mitigate(?) | Int |
| Safer Languages | Implementation | 0 | Preclude | Int |
| Design/Modeling Verification Tools | Design | 2/3 | Detect | Int |
| Source Code Security Analyzers, Byte Code Scanners, Binary Code Scanners (SWEBOK 10 1.9) | Test | 2 | Detect | Int |
| Web Application Scanners | Test/Operation | 2 | Detect | Ext |
| Intrusion Detectors | Operation | 2 | Detect | Int |
| Network Scanners | Operation | 2 | Detect | Ext |
| Requirements Verification Tools | Requirements | 2/3 | Detect | Int |
| Architecture Design Tools | Design | 1 | Preclude | Int |
| Dynamic Analysis Tools | Test | 1 | Detect | Ext |
| Web Services Network Scanners | Test/Operation | 2 | Detect | Ext |
| Database Scanning Tools | Operation | 2 | Detect | Int |
| Anti-Spyware Tools (a system assurance class, not a software assurance class) | Operation | 2/3 | Detect/React | Int |
| Tool Integration Frameworks | Test/Operation | 2 | Detect | Int |

The following classes do not yet have web pages.

| Class | Process | Automation | Approach | Viewpoint |
|---|---|---|---|---|
| Requirements modeling or tracing tools | Requirements | 1/2 | Detect | Int |
| Use cases | Requirements | 0 | Detect | Int |
| Constructive Approaches (correct by construction) | Design/Implementation | 1/2 | Preclude | Int |
| Compiler, error checking | Implementation | 3 | Detect | Int |
| Compiler, safety enforcing | Implementation | 3 | Preclude | Int |
| Configuration management (SWEBOK 10 1.6) | Config manage | 0/2 | Preclude | Int |
| Test generators, execution frameworks, test evaluation, test management, performance analysis (SWEBOK 10 1.4); source code or binary fault injection, fault propagation analysis, fuzz testing (Goertzel 4.1.4.4.4-.9) | Test | 1/2 | Detect | Int |
| Code review assistants (SWEBOK 10 1.9) | Test | 1 | Detect | Int |
| Operator training | Operation | 1 | Preclude | Ext |
| Firewall, Virtual Patch, or Wrapper | Operation | 3 | Mitigate | Int |
| Forensic Security Analysis (Goertzel 4.1.4.4.12) | Operation | 1/2 | React | Int |
| Software engineering management (SWEBOK 10 1.7) | SWE manage | 0/2 | Preclude | Int |
| Software engineering process (SWEBOK 10 1.8) | SWE process | 0/2 | Preclude | Int |

Chapter 10 of the Guide to the SWEBOK [8] lists software engineering methods, divided into three groups:

2.1 Heuristic methods
  • Structured methods
  • Data-oriented methods
  • Object-oriented methods
2.2 Formal methods
  • Specification languages and notations
  • Refinement
  • Verification/proving
2.3 Prototyping methods
  • Prototyping the style
  • Prototyping the target
  • Prototyping evaluation techniques

Insecure.Org's 2006 Top 100 Network Security Tools list has several classes of tools, mostly for network investigation, including web vulnerability scanners (= Web Application Scanners), vulnerability scanners (= Network Scanners), top 5 intrusion detection systems, password crackers, packet sniffers, wireless tools, top 3 vulnerability exploitation tools, top 4 application-specific scanners, top 4 port scanners, top 3 firewalls, top 4 rootkit detectors, and packet crafters. Some tools are not categorized, but are just listed in the Top 100.

Created February 3, 2021, Updated May 17, 2021