Highlighting Significance and Contribution: Five Recent Studies on Static Analysis in Software Engineering and Cybersecurity
Keywords:
Static Analysis, Software Testing, Software Engineering, Cybersecurity
Abstract
Static testing has become a critical approach to ensuring the quality, security, and reliability of software systems. Recent developments include the application of machine learning, abstract interpretation, and query-based approaches to improve the effectiveness of analysis.
Objectives and methods: This systematic review consolidates and analyses findings from five recent studies (2024-2025) on static testing methods across several domains: source code analysis, vulnerability detection, Android malware detection, business process modelling, and data leakage prevention in machine learning. The contributions, methodologies, and limitations of each study were examined through thematic and comparative analysis.
Main results: The synthesis shows that static testing approaches increasingly integrate dynamic techniques, machine learning, and formal analysis to cope with the complexity of modern systems. Limited coverage, the need for industrial validation, and computational cost remain the main obstacles.
Conclusions and implications: Static testing continues to evolve through hybrid and data-driven approaches. Further research should focus on expanding coverage, integrating the tools into industrial pipelines, and improving their accessibility for practitioners.
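The "data leakage prevention in machine learning" domain in the abstract is the one least familiar to most practitioners, so here is an added illustration of what a static check for it looks like. This is example code written for this page, not code from any of the reviewed studies; in particular it is a simple syntactic pattern match over Python's `ast`, not the abstract-interpretation analysis of Urban et al. It flags the classic leakage bug of fitting a preprocessing transform (`fit`/`fit_transform`) on the full dataset before `train_test_split`, including the case where the split receives a variable derived from such a transform. The sample scripts are constructed, the helper names (`load_features`, `load_labels`) are placeholders, and only straight-line module-level code is handled.

```python
"""Pattern-based static check for train/test data leakage in ML scripts.

Added illustration, not the method of any reviewed paper: flags preprocessing
that is fitted on the full dataset before train_test_split.  Handles
straight-line module-level code only; a real analyser needs full control- and
data-flow reasoning.
"""
from __future__ import annotations

import ast
from dataclasses import dataclass

FIT_METHODS = {"fit", "fit_transform"}   # calls that learn parameters from data
SPLIT_FUNCS = {"train_test_split"}        # where the train/test boundary is drawn


@dataclass(frozen=True)
class LeakReport:
    line: int        # line of the offending train_test_split call
    variable: str    # the argument that carries pre-split information
    reason: str


def _callee(call: ast.Call) -> str | None:
    """Name of the called function or method: scaler.fit(...) -> 'fit'."""
    if isinstance(call.func, ast.Attribute):
        return call.func.attr
    if isinstance(call.func, ast.Name):
        return call.func.id
    return None


def _names(node: ast.AST) -> set[str]:
    """All variable names referenced anywhere inside a node."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}


def find_preprocessing_leaks(source: str) -> list[LeakReport]:
    tree = ast.parse(source)
    seen_by_fitter: dict[str, int] = {}  # var -> line where fit/fit_transform read it
    derived: dict[str, int] = {}         # var -> line where it was computed from such a fit
    reports: list[LeakReport] = []

    for stmt in tree.body:
        # Inner calls are visited before outer ones so that
        # train_test_split(scaler.fit_transform(X), y) is checked in evaluation order.
        calls = [n for n in ast.walk(stmt) if isinstance(n, ast.Call)]
        for call in reversed(calls):
            name = _callee(call)
            arg_names = set().union(*[_names(a) for a in call.args])
            if name in FIT_METHODS:
                for v in arg_names:
                    seen_by_fitter.setdefault(v, call.lineno)
            elif name in SPLIT_FUNCS:
                for v in sorted(arg_names):
                    if v in seen_by_fitter:
                        reports.append(LeakReport(
                            call.lineno, v,
                            f"fitted on line {seen_by_fitter[v]} before the split"))
                    elif v in derived:
                        reports.append(LeakReport(
                            call.lineno, v,
                            f"derived on line {derived[v]} from a transform fitted on unsplit data"))
        # Propagate "derived from a pre-split fit" through plain assignments.
        if isinstance(stmt, ast.Assign):
            value_calls = [n for n in ast.walk(stmt.value) if isinstance(n, ast.Call)]
            uses_fit = any(_callee(c) in FIT_METHODS for c in value_calls)
            uses_derived = bool(_names(stmt.value) & set(derived))
            if uses_fit or uses_derived:
                for target in stmt.targets:
                    for v in _names(target):
                        derived.setdefault(v, stmt.lineno)
    return reports


# Constructed sample scripts (placeholders load_features/load_labels are assumed).
LEAKY_SCRIPT = (
    "from sklearn.preprocessing import StandardScaler\n"
    "from sklearn.model_selection import train_test_split\n"
    "X, y = load_features(), load_labels()\n"
    "scaler = StandardScaler()\n"
    "X_scaled = scaler.fit_transform(X)\n"          # learns mean/std from ALL rows
    "X_tr, X_te, y_tr, y_te = train_test_split(X_scaled, y, test_size=0.2)\n"
)
DIRECT_FIT_SCRIPT = (
    "from sklearn.preprocessing import StandardScaler\n"
    "from sklearn.model_selection import train_test_split\n"
    "X, y = load_features(), load_labels()\n"
    "scaler = StandardScaler()\n"
    "scaler.fit(X)\n"                               # fitted, then the same X is split
    "X_tr, X_te, y_tr, y_te = train_test_split(X, y)\n"
)
SAFE_SCRIPT = (
    "from sklearn.preprocessing import StandardScaler\n"
    "from sklearn.model_selection import train_test_split\n"
    "X, y = load_features(), load_labels()\n"
    "X_tr, X_te, y_tr, y_te = train_test_split(X, y, test_size=0.2)\n"
    "scaler = StandardScaler()\n"
    "X_tr = scaler.fit_transform(X_tr)\n"           # fitted on training rows only
    "X_te = scaler.transform(X_te)\n"
)

if __name__ == "__main__":
    for label, script in [("leaky", LEAKY_SCRIPT), ("direct", DIRECT_FIT_SCRIPT), ("safe", SAFE_SCRIPT)]:
        print(label, find_preprocessing_leaks(script))
```

The check is deliberately over-approximate: any fitted variable that later reaches a split is reported, regardless of whether the fitted transformer is actually applied afterwards, which keeps false negatives low at the cost of some false positives. Conditionals, loops, and function boundaries are not tracked, which is exactly the gap that the abstract-interpretation approach covered by the review is designed to close.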
References
1. Alghamdi, A. M., & Eassa, F. E. (2019). OpenACC errors classification and static detection techniques. IEEE Access, 7, 113235-113253.
2. Ayewah, N., Pugh, W., Hovemeyer, D., Morgenthaler, J. D., & Penix, J. (2008). Using static analysis to find bugs. IEEE software, 25(5), 22-29.
3. Best, P., Manktelow, R., & Taylor, B. (2014). Online communication, social media and adolescent wellbeing: A systematic narrative review. Children and Youth Services Review, 41, 27-36.
4. Christfort, A. K. F., Cosma, V. P., Debois, S., Hildebrandt, T. T., & Slaats, T. (2025). Static and dynamic techniques for iterative test-driven modelling of Dynamic Condition Response Graphs. Journal of Systems and Software, 183, 107722.
5. Cousot, P., & Cousot, R. (2000, August). Abstract interpretation based program testing. In Proceedings of the SSGRR 2000 Computer & eBusiness International Conference (pp. 161-192). L'Aquila, Italy: Scuola Superiore G. Reiss Romoli.
6. Dano, E. B. (2022, July). Systems Engineering Integration and Test Challenges due to Security Measures in a Cloud-Based System. In INCOSE International Symposium (Vol. 32, No. 1, pp. 224-232).
7. Dehkordi, A. H., Mazaheri, E., Ibrahim, H. A., Dalvand, S., & Gheshlagh, R. G. (2021). How to write a systematic review: A narrative review. International journal of preventive medicine, 12(1), 27.
8. Fong, P. W. (2009). Reading a computer science research paper. ACM SIGCSE Bulletin, 41(2), 138-140.
9. Gebhart, M. (2014). Query-based static analysis of web services in service-oriented architectures. International Journal on Advances in Internet Technology, 7(1-2).
10. Goseva-Popstojanova, K., & Perhinschi, A. (2015). On the capability of static code analysis to detect security vulnerabilities. Information and Software Technology, 68, 18-33.
11. Kanewala, U., Bieman, J. M., & Ben-Hur, A. (2016). Predicting metamorphic relations for testing scientific software: a machine learning approach using graph kernels. Software Testing, Verification and Reliability, 26(3), 245-269.
12. Kikuchi, N., & Kikuno, T. (2001, December). Improving the testing process by program static analysis. In Proceedings Eighth Asia-Pacific Software Engineering Conference (pp. 195-201). IEEE.
13. Kitchenham, B., Brereton, O. P., Budgen, D., Turner, M., Bailey, J., & Linkman, S. (2009). Systematic literature reviews in software engineering–a systematic literature review. Information and software technology, 51(1), 7-15.
14. Kleidermacher, D. N. (2008, May). Integrating static analysis into a secure software development process. In 2008 IEEE Conference on Technologies for Homeland Security (pp. 367-371). IEEE.
15. Knodel, J., Lindvall, M., Muthig, D., & Naab, M. (2006, March). Static evaluation of software architectures. In Conference on Software Maintenance and Reengineering (CSMR'06) (pp. 10-pp). IEEE.
16. Li, Z., Liu, Z., Wong, W. K., Ma, P., & Wang, S. (2024). Evaluating C/C++ Vulnerability Detectability of Query-Based Static Application Security Testing Tools. IEEE Transactions on Software Engineering, 50(3), 455-470.
17. Maarleveld, J., Guo, J., & Feitosa, D. (2025). A systematic mapping study on graph machine learning for static source code analysis. Information and Software Technology, 183, 107722.
18. Mazzolin, R., & Samueli, A. M. (2020, August). A survey of contemporary cyber security vulnerabilities and potential approaches to automated defence. In 2020 IEEE International Systems Conference (SysCon) (pp. 1-7). IEEE.
19. Molina-Coronado, B., Ruggia, A., Mori, U., Merlo, A., Mendiburu, A., & Miguel-Alonso, J. (2025). Light up that Droid! On the effectiveness of static analysis features against app obfuscation for Android malware detection. Journal of Network and Computer Applications, 235, 104094.
20. Pargaonkar, S. (2023). Advancements in security testing: A comprehensive review of methodologies and emerging trends in software quality engineering. International Journal of Science and Research (IJSR), 12(9), 61-66.
21. Pistoia, M., Chandra, S., Fink, S. J., & Yahav, E. (2007). A survey of static analysis methods for identifying security vulnerabilities in software systems. IBM systems journal, 46(2), 265-288.
22. Saeed, H., Shafi, I., Ahmad, J., Khan, A. A., Khurshaid, T., & Ashraf, I. (2025). Review of Techniques for Integrating Security in Software Development Lifecycle. Computers, Materials & Continua, 82(1).
23. Salihu, I. A., Ibrahim, R., Ahmed, B. S., Zamli, K. Z., & Usman, A. (2019). AMOGA: A static-dynamic model generation strategy for mobile apps testing. IEEE Access, 7, 17158-17173.
24. Shahriar, H., & Zulkernine, M. (2012). Mitigating program security vulnerabilities: Approaches and challenges. ACM Computing Surveys (CSUR), 44(3), 1-46.
25. Shinde, P. S., & Ardhapurkar, S. B. (2016, February). Cyber security analysis using vulnerability assessment and penetration testing. In 2016 World Conference on Futuristic Trends in Research and Innovation for Social Welfare (Startup Conclave) (pp. 1-5). IEEE.
26. Teja Swaroop, A. (2025). The Transformative Impact of Artificial Intelligence on Professional Software Development: A Comprehensive Analysis. 13(8), b74-b90.
27. Thomson, P. (2021). Static Analysis: An Introduction: The fundamental challenge of software engineering is one of complexity. Queue, 19(4), 29-41.
28. Urban, C., Subotić, P., & Drobnjaković, F. (2025). Static Analysis by Abstract Interpretation Against Data Leakage in Machine Learning. Proceedings of the ACM on Programming Languages, 9(PLDI), 1-25.
29. Wild, C. L., & Knapp, J. E. (2017). Standards in the Testing Industry. In Improving Testing (pp. 59-81). Routledge.
30. Zheng, J., Williams, L., Nagappan, N., Snipes, W., Hudepohl, J. P., & Vouk, M. A. (2006). On the value of static analysis for fault detection in software. IEEE transactions on software engineering, 32(4), 240-253.

