English
Related papers

Related papers: TestREx: a Framework for Repeatable Exploits

200 papers

For a considerable number of software projects, the creation of effective test cases is hindered by design documentation that is either lacking, incomplete or obsolete. The exploratory testing approach can serve as a sound method in such…

Software Engineering · Computer Science 2019-12-05 Miroslav Bures , Karel Frajtak , Bestoun S. Ahmed

The Web is replete with tutorial-style content on how to accomplish programming tasks. Unfortunately, even top-ranked tutorials suffer from severe security vulnerabilities, such as cross-site scripting (XSS), and SQL injection (SQLi).…

Cryptography and Security · Computer Science 2017-04-11 Tommi Unruh , Bhargava Shastry , Malte Skoruppa , Federico Maggi , Konrad Rieck , Jean-Pierre Seifert , Fabian Yamaguchi

Large-scale, fault-tolerant, distributed systems are the backbone for many critical software services. Since they must execute correctly in a possibly adversarial environment with arbitrary communication delays and failures, the underlying…

Programming Languages · Computer Science 2023-04-25 Cezara Dragoi , Constantin Enea , Srinidhi Nagendra , Mandayam Srivas

Mass assignment is one of the most prominent vulnerabilities in RESTful APIs. This vulnerability originates from a misconfiguration in common web frameworks, such that naming convention and automatic binding can be exploited by an attacker…

Cryptography and Security · Computer Science 2023-01-04 Davide Corradini , Michele Pasqua , Mariano Ceccato

Recent technological advancements have enabled proliferated use of small embedded and IoT devices for collecting, processing, and transferring the security-critical information and user data. This exponential use has acted as a catalyst in…

Cryptography and Security · Computer Science 2021-01-18 Avani Dave , Nilanjan Banerjee , Chintan Patel

The code generation capabilities of large language models(LLMs) have emerged as a critical dimension in evaluating their overall performance. However, prior research has largely overlooked the security risks inherent in the generated code.…

Cryptography and Security · Computer Science 2025-06-23 Xinghang Li , Jingzhe Ding , Chao Peng , Bing Zhao , Xiang Gao , Hongwan Gao , Xinchen Gu

A wide range of analysis and testing techniques targeting modern web apps rely on the automated exploration of their state space by firing events that mimic user interactions. However, finding out which elements are actionable in web apps…

Human-Computer Interaction · Computer Science 2021-11-25 Davood Mazinanian , Mohammad Bajammal , Ali Mesbah

Model-sharing platforms, such as Hugging Face, ModelScope, and OpenCSG, have become central to modern machine learning development, enabling developers to share, load, and fine-tune pre-trained models with minimal effort. However, the…

Software Engineering · Computer Science 2026-01-21 Mohammed Latif Siddiq , Tanzim Hossain Romel , Natalie Sekerak , Beatrice Casey , Joanna C. S. Santos

Open-source third-party libraries are widely used in software development. These libraries offer substantial advantages in terms of time and resource savings. However, a significant concern arises due to the publicly disclosed…

Software Engineering · Computer Science 2025-02-12 Yi Gao , Xing Hu , Zirui Chen , Xiaohu Yang

The implementation, deployment and testing of secure services for Internet of Things devices is nowadays still at an early stage. Several frameworks have recently emerged to help developers realize such services, abstracting the complexity…

Distributed, Parallel, and Cluster Computing · Computer Science 2019-07-02 Christian Göttel , Pascal Felber , Valerio Schiavoni

Exploitation is not a binary event. It is a ladder of acquiring progressive capabilities, from executing a single buggy line of code to taking full control of the target. However, existing LLM security benchmarks treat a crash as…

Cryptography and Security · Computer Science 2026-05-15 Seunghyun Lee , David Brumley

Large language model (LLM) agents are increasingly capable of autonomously conducting cyberattacks, posing significant threats to existing applications. This growing risk highlights the urgent need for a real-world benchmark to evaluate the…

This paper presents results from the MSR 2021 Hackathon. Our team investigates files/projects that contain known security vulnerabilities and how widespread they are throughout repositories in open source software. These security…

Software Engineering · Computer Science 2021-03-24 David Reid , Kalvin Eng , Chris Bogart , Adam Tutko

The increased adoption of smart contracts in many industries has made them an attractive target for cybercriminals, leading to millions of dollars in losses. Thus, deploying smart contracts with detected vulnerabilities (known to…

Software Engineering · Computer Science 2023-07-25 Pengcheng , Peng , Yun , Qingzhao , Tao , Dawn , Prateek , Sanjeev , Zhuotao , Xusheng

Dedicated software search engines that index open source software repositories or in-house software assets significantly enhance the chance of finding software components suitable for reuse. However, they still leave the work of evaluating…

Software Engineering · Computer Science 2013-03-25 Werner Janjic , Dietmar Stoll , Philipp Bostan , Colin Atkinson

Large Language Models (LLMs) are increasingly used for automated software development, making their ability to preserve secure coding practices critical. In practice, however, many security requirements are implicit or underspecified,…

Cryptography and Security · Computer Science 2026-05-12 Yue Li , Xiao Li , Hao Wu , Yue Zhang , Yechao Zhang , Yating Liu , Fengyuan Xu , Sheng Zhong

The generation of feasible adversarial examples is necessary for properly assessing models that work in constrained feature space. However, it remains a challenging task to enforce constraints into attacks that were designed for computer…

Artificial Intelligence · Computer Science 2022-05-04 Thibault Simonetto , Salijona Dyrmishi , Salah Ghamizi , Maxime Cordy , Yves Le Traon

We propose using reinforcement learning to address the challenges of discovering microarchitectural vulnerabilities, such as Spectre and Meltdown, which exploit subtle interactions in modern processors. Traditional methods like random…

Cryptography and Security · Computer Science 2025-02-21 M. Caner Tol , Kemal Derya , Berk Sunar

Modern web services routinely provide REST APIs for clients to access their functionality. These APIs present unique challenges and opportunities for automated testing, driving the recent development of many techniques and tools that…

Software Engineering · Computer Science 2022-09-08 Myeongsoo Kim , Qi Xin , Saurabh Sinha , Alessandro Orso

Modern overlay security mechanisms like Web Application Firewalls (WAF) suffer from inability to recognize custom high-level application logic and data objects, which results in low accuracy, high false positives rates, and overhelming…

Cryptography and Security · Computer Science 2015-11-10 George Noseevich , Dennis Gamayunov