English
Related papers

Related papers: Vulnerabilities Mapping based on OWASP-SANS: a Sur…

200 papers

Background. Developers use Automated Static Analysis Tools (ASATs) to control for potential quality issues in source code, including defects and technical debt. Tool vendors have devised quite a number of tools, which makes it harder for…

Software Engineering · Computer Science 2021-01-25 Valentina Lenarduzzi , Savanna Lujan , Nyyti Saarimaki , Fabio Palomba

Defects in requirements specifications can have severe consequences during the software development lifecycle. Some of them result in overall project failure due to incorrect or missing quality characteristics such as security. There are…

Software Engineering · Computer Science 2019-06-28 H. Villamizar , A. A. Neto , M. Kalinowski , A. Garcia , D. Mendez Fernández

Static Application Security Testing (SAST) tools are integral to modern software development, yet their adoption is undermined by excessive false positives that weaken developer trust and demand costly manual triage. We present ZeroFalse, a…

As our lives, our businesses, and indeed our world economy become increasingly reliant on the secure operation of many interconnected software systems, the software engineering research community is faced with unprecedented research…

Software Engineering · Computer Science 2024-09-27 Marcel Böhme , Eric Bodden , Tevfik Bultan , Cristian Cadar , Yang Liu , Giuseppe Scanniello

Static security analysis is a widely used technique for detecting software vulnerabilities across a wide range of weaknesses, application domains, and programming languages. While prior work surveyed static analyzes for specific weaknesses…

Cryptography and Security · Computer Science 2026-02-23 Kevin Hermann , Sven Peldszus , Thorsten Berger

Mobile application security has been a major area of focus for security research over the course of the last decade. Numerous application analysis tools have been proposed in response to malicious, curious, or vulnerable apps. However,…

Cryptography and Security · Computer Science 2021-07-20 Amit Seal Ami , Kaushal Kafle , Kevin Moran , Adwait Nadkarni , Denys Poshyvanyk

SAST (Static Application Security Testing) tools are among the most widely used techniques in defensive cybersecurity, employed by commercial and non-commercial organizations to identify potential vulnerabilities in software. Despite their…

Cryptography and Security · Computer Science 2026-01-07 Jake Feiglin , Guy Dar

Today's IoT systems include event-driven smart applications (apps) that interact with sensors and actuators. A problem specific to IoT systems is that buggy apps, unforeseen bad app interactions, or device/communication failures, can cause…

Cryptography and Security · Computer Science 2018-10-30 Dang Tu Nguyen , Chengyu Song , Zhiyun Qian , Srikanth V. Krishnamurthy , Edward J. M. Colbert , Patrick McDaniel

Security testing aims at verifying that the software meets its security properties. In modern Web systems, however, this often entails the verification of the outputs generated when exercising the system with a very large set of inputs.…

Software Engineering · Computer Science 2023-03-09 Nazanin Bayati Chaleshtari , Fabrizio Pastore , Arda Goknil , Lionel C. Briand

Secure coding is a critical yet often overlooked practice in software development. Despite extensive awareness efforts, real-world adoption remains inconsistent due to organizational, educational, and technical barriers. This paper provides…

Software Engineering · Computer Science 2025-10-02 Kiana Kiashemshaki , Mohammad Jalili Torkamani , Negin Mahmoudi

Static Application Security Testing tools help developers find security vulnerabilities before release, but they often produce many false positives. This increases manual review effort, reduces developer trust, and may cause real…

Cryptography and Security · Computer Science 2026-05-05 Mohd Ruhul Ameen , Md Takrim Ul Alam , Akif Islam

As one of the most popular software applications, a web application is a program, accessible through the web, to dynamically generate content based on user interactions or contextual data, for example, online shopping platforms, social…

Software Engineering · Computer Science 2025-04-28 Tao Li , Rubing Huang , Chenhui Cui , Dave Towey , Lei Ma , Yuan-Fang Li , Wen Xia

Mobile apps provide various critical services, such as banking, communication, and healthcare. To this end, they have access to our personal information and have the ability to perform actions on our behalf. Hence, securing mobile apps is…

Software Engineering · Computer Science 2024-03-12 Joydeep Mitra , Venkatesh-Prasad Ranganath , Torben Amtoft , Mike Higgins

Microservice architectures (MSA) are becoming trending alternatives to existing software development paradigms notably for developing complex and distributed applications. Microservices emerged as an architectural design pattern aiming to…

Cryptography and Security · Computer Science 2024-04-24 Abdelhakim Hannousse , Salima Yahiouche

Considering the ever-evolving threat landscape and rapid changes in software development, we propose a risk assessment framework called SAFER (Software Analysis Framework for Evaluating Risk). This framework is based on the necessity of a…

Software Engineering · Computer Science 2024-12-25 Sarah Ali Siddiqui , Chandra Thapa , Rayne Holland , Wei Shao , Seyit Camtepe

A system vulnerability analysis technique (SVAT) for the analysis of complex mission critical systems (CMCS) that cannot be taken offline or subjected to the risks posed by traditional penetration testing was previously developed. This…

Cryptography and Security · Computer Science 2024-09-18 Matthew Tassava , Cameron Kolodjski , Jeremy Straub

Intense competition in the mobile apps market means it is important to maintain high levels of app reliability to avoid losing users. Yet despite its importance, app reliability is underexplored in the research literature. To address this…

Software Engineering · Computer Science 2022-06-22 Chathrie Wimalasooriya , Sherlock A. Licorish , Daniel Alencar da Costa , Stephen G. MacDonell

Cooperative, Connected and Automated Mobility (CCAM) are complex cyber-physical systems (CPS) that integrate computation, communication, and control in safety-critical environments. At their core, System-on-Chip (SoC) platforms consolidate…

Software Engineering · Computer Science 2025-10-10 Srijita Basu , Haraldsson Bengt , Miroslaw Staron , Christian Berger , Jennifer Horkoff , Magnus Almgren

Open RAN enables third-party xApps and rApps to be onboarded and updated at operational cadence, creating a software supply chain that spans developers, CI systems, registries, onboarding pipelines, and runtime enforcement points. This…

Cryptography and Security · Computer Science 2026-05-07 Chun Yin Chiu

The sources of reliable, code-level information about vulnerabilities that affect open-source software (OSS) are scarce, which hinders a broad adoption of advanced tools that provide code-level detection and assessment of vulnerable OSS…

Software Engineering · Computer Science 2021-05-10 Therese Fehrer , Rocío Cabrera Lozoya , Antonino Sabetta , Dario Di Nucci , Damian A. Tamburri