English
Related papers

Related papers: Vulnerabilities Mapping based on OWASP-SANS: a Sur…

200 papers

The advent of Autonomous Driving Systems (ADS) has marked a significant shift towards intelligent transportation, with implications for public safety and traffic efficiency. While these systems integrate a variety of technologies and offer…

Software Engineering · Computer Science 2025-02-28 Wenyuan Cheng , Zengyang Li , Peng Liang , Ran Mo , Hui Liu

Mobile application security has been one of the major areas of security research in the last decade. Numerous application analysis tools have been proposed in response to malicious, curious, or vulnerable apps. However, existing tools, and…

Cryptography and Security · Computer Science 2018-06-29 Richard Bonett , Kaushal Kafle , Kevin Moran , Adwait Nadkarni , Denys Poshyvanyk

Implementing software security practices is a critical concern in modern software development. Industry practitioners, security tool providers, and researchers have provided standard security guidelines and sophisticated security…

Software Engineering · Computer Science 2022-05-26 Enrique Larios-Vargas , Omar Elazhary , Soroush Yousefi , Derek Lowlind , Michael L. W. Vliek , Margaret-Anne Storey

A common security architecture, called the permission-based security model (used e.g. in Android and Blackberry), entails intrinsic risks. For instance, applications can be granted more permissions than they actually need, what we call a…

Cryptography and Security · Computer Science 2013-03-21 Alexandre Bartel , Jacques Klein , Martin Monperrus , Yves Le Traon

Currently, Application Programming Interfaces (APIs) are becoming increasingly popular to facilitate data transfer in a variety of mobile applications. These APIs often process sensitive user information through their endpoints, which are…

Cryptography and Security · Computer Science 2023-10-24 Nate Haris , Kendree Chen , Ann Song , Benjamin Pou

The growth in the adoption of the WebAssembly (WASM) standard has given rise to a rapidly increasing landscape of binary applications that are natively ported to the environment of websites. The flexibility of WASM has made it the preferred…

Cryptography and Security · Computer Science 2026-03-11 Lorenzo Corrias , Lorenzo Pisu , Davide Maiorca , Giorgio Giacinto

Software containers are widely adopted for developing and deploying software applications. Despite their popularity, major security concerns arise during container development and deployment. Software Engineering (SE) research literature…

Software Engineering · Computer Science 2025-12-16 Maha Sroor , Teerath Das , Rahul Mohanani , Tommi Mikkonen

Presently, Bangladesh is expending substantial efforts to digitize its national infrastructure, with a significant emphasis on achieving this goal through mobile applications that facilitate online payments and banking system advancements.…

Cryptography and Security · Computer Science 2024-11-28 Shahriar Hasan Mickey , Muhammad Nur Yanhaona

Mainstream software applications and tools are the configurable platforms with an enormous number of parameters along with their values. Certain settings and possible interactions between these parameters may harden (or soften) the security…

Software Engineering · Computer Science 2020-06-17 Shuvalaxmi Dass , Akbar Siami Namin

Open Source Software (OSS) security and resilience are worldwide phenomena hampering economic and technological innovation. OSS vulnerabilities can cause unauthorized access, data breaches, network disruptions, and privacy violations,…

Software Engineering · Computer Science 2024-01-17 Nafis Tanveer Islam , Gonzalo De La Torre Parra , Dylan Manual , Murtuza Jadliwala , Peyman Najafirad

Software vulnerabilities continue to be the primary cause of cyberattacks. It is crucial to identify vulnerabilities in applications' source code before attackers gain access to them and exploit any vulnerability they may contain.…

Software Engineering · Computer Science 2026-05-26 Jorge Martins , David Dantas , Rafael Ramires , Bernardo Ferreira , Ibéria Medeiros

In the open source software (OSS) ecosystem, there exists a complex software supply chain, where developers upstream and downstream widely borrow and reuse code. This results in the widespread occurrence of recurring defects, missing fixes,…

Cryptography and Security · Computer Science 2024-01-31 Fuwei Wang , Yongzhi Liu , Zhiqiang Dong

WebAssembly (abbreviated WASM) has emerged as a promising language of the Web and also been used for a wide spectrum of software applications such as mobile applications and desktop applications. These applications, named as WASM…

Software Engineering · Computer Science 2023-01-31 Yixuan Zhang , Shangtong Cao , Haoyu Wang , Zhenpeng Chen , Xiapu Luo , Dongliang Mu , Yun Ma , Gang Huang , Xuanzhe Liu

The increasing frequency of attacks on Android applications coupled with the recent popularity of large language models (LLMs) necessitates a comprehensive understanding of the capabilities of the latter in identifying potential…

Cryptography and Security · Computer Science 2025-03-18 Vasileios Kouliaridis , Georgios Karopoulos , Georgios Kambourakis

Static Analysis Tools (SATs) are central to security engineering activities, as they enable early identification of code weaknesses without requiring execution. However, their effectiveness is often limited by high false-positive rates and…

Cryptography and Security · Computer Science 2026-02-04 Nicolás E. Díaz Ferreyra , Moritz Mock , Max Kretschmann , Barbara Russo , Mojtaba Shahin , Mansooreh Zahedi , Riccardo Scandariato

Static Application Security Testing (SAST) tools are essential for identifying software vulnerabilities, but they often produce a high volume of false positives (FPs), imposing a substantial manual triage burden on developers. Recent…

Software Engineering · Computer Science 2026-02-02 Yunpeng Xiong , Ting Zhang

Static analysis tools come in many forms andconfigurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc., and adapt to the specific requirements…

Modern enterprises increasingly adopt diverse technology stacks with various programming languages, posing significant challenges for static application security testing (SAST). Existing taint analysis tools are predominantly designed for…

Software Engineering · Computer Science 2026-04-03 Yayi Wang , Shenao Wang , Jian Zhao , Shaosen Shi , Ting Li , Yan Cheng , Lizhong Bian , Kan Yu , Yanjie Zhao , Haoyu Wang

Developers rely on online tutorials to learn web application security, but tutorial quality varies. We reviewed 132 free security tutorials to examine topic coverage, authorship, and technical depth. Our analysis shows that most tutorials…

Cryptography and Security · Computer Science 2026-03-24 Bhagya Chembakottu , Martin P. Robillard

Static analysis remains one of the most popular approaches for detecting and correcting poor or vulnerable program code. It involves the examination of code listings, test results, or other documentation to identify errors, violations of…

Artificial Intelligence · Computer Science 2021-08-27 Fitzroy D. Nembhard , Marco M. Carvalho