English
Related papers

Related papers: SafeRESTScript: Statically Checking REST API Consu…

200 papers

This paper describes Slither, a static analysis framework designed to provide rich information about Ethereum smart contracts. It works by converting Solidity smart contracts into an intermediate representation called SlithIR. SlithIR uses…

Software Engineering · Computer Science 2019-08-28 Josselin Feist , Gustavo Grieco , Alex Groce

Code obfuscation is widely adopted in modern software development to protect intellectual property and hinder reverse engineering, but it also provides attackers with a powerful means to conceal malicious logic inside otherwise legitimate…

Cryptography and Security · Computer Science 2026-04-02 Francesco Pagano , Lorenzo Pisu , Leonardo Regano , Davide Maiorca , Alessio Merlo , Giorgio Giacinto

With the growth of web applications, REST APIs have become the primary communication method between services. In order to ensure system reliability and security, software quality can be assured by effective testing methods. Black box fuzz…

Software Engineering · Computer Science 2022-01-03 Chung-Hsuan Tsai , Shi-Chun Tsai , Shih-Kun Huang

CodeChecker is an open source project that integrates different static analysis tools such as the Clang Static Analyzer and Clang-Tidy into the build systems, continuous integration loops, and development workflows of C++ programmers. It…

Software Engineering · Computer Science 2024-08-06 Gabor Horvath , Reka Kovacs , Richard Szalay , Zoltan Porkolab , Gyorgy Orban , Daniel Krupp

REST (Representational State Transfer) APIs have become integral for data communication and exchange due to their simplicity, scalability, and compatibility with web standards. However, ensuring REST APIs' reliability through rigorous…

Software Engineering · Computer Science 2024-10-22 Tien-Quang Nguyen , Nghia-Hieu Cong , Ngoc-Minh Quach , Hieu Dinh Vo , Son Nguyen

Integrating security testing into the workflow of software developers not only can save resources for separate security testing but also reduce the cost of fixing security vulnerabilities by detecting them early in the development cycle. We…

Cryptography and Security · Computer Science 2018-04-04 Mahmoud Mohammadi , Bill Chu , Heather Richter Lipford , Emerson Murphy-Hill

Static bug detection tools help developers detect problems in the code, including bad programming practices and potential defects. Recent efforts to integrate static bug detectors in modern software development workflows, such as in code…

Software Engineering · Computer Science 2024-01-24 Junjie Li , Jinqiu Yang

Rust is a memory-safe programming language that disallows undefined behavior. Its safety guarantees have been extensively examined by the community through empirical studies, which has led to its remarkable success. However, unsafe code…

Programming Languages · Computer Science 2026-02-27 Hui Xu

Static Application Security Testing (SAST) tools are integral to modern DevSecOps pipelines, yet tools like CodeQL, Semgrep, and SonarQube remain fundamentally constrained: they require expert-crafted queries, generate excessive false…

Cryptography and Security · Computer Science 2026-02-11 George Tsigkourakos , Constantinos Patsakis

Static type errors are a common stumbling block for newcomers to typed functional languages. We present a dynamic approach to explaining type errors by generating counterexample witness inputs that illustrate how an ill-typed program goes…

Programming Languages · Computer Science 2018-03-20 Eric L Seidel , Ranjit Jhala , Westley Weimer

Internet of Things (IoT) is a growing technology that relies on connected 'things' that gather data from peer devices and send data to servers via APIs (Application Programming Interfaces). The design quality of those APIs has a direct…

Software Engineering · Computer Science 2022-05-16 Francis Palma , Tobias Olsson , Anna Wingkvist , Javier Gonzalez-Huerta

The prevalence of security vulnerabilities has prompted companies to adopt static application security testing (SAST) tools for vulnerability detection. Nevertheless, these tools frequently exhibit usability limitations, as their generic…

We propose a new static approach to Role-Based Access Control (RBAC) policy enforcement. The static approach we advocate includes a new design methodology, for applications involving RBAC, which integrates the security requirements into the…

Software Engineering · Computer Science 2014-09-12 Asad Ali , Maribel Fernández

Isolating programs is an important mechanism to support more secure applications. Isolating program in dynamic languages such as JavaScript is even more challenging since reflective operations can circumvent simple mechanisms that could…

Programming Languages · Computer Science 2013-09-17 Damien Cassou , Stéphane Ducasse , Nicolas Petton

REpresentation State Transfer (REST) is an architectural style for designing web applications that enable scalable, stateless communication between clients and servers via common HTTP techniques. Web APIs that employ the REST style are…

Software Engineering · Computer Science 2025-04-24 Sida Deng , Rubing Huang , Man Zhang , Chenhui Cui , Dave Towey , Rongcun Wang

Even though much progress has been made in identifying and mitigating smart contract vulnerabilities, we often hear about coding or design issues leading to great financial losses. This paper presents our progress toward finding defects…

Logic in Computer Science · Computer Science 2024-11-01 Stefan-Claudiu Susan

The effective execution of tests for REST APIs remains a considerable challenge for development teams, driven by the inherent complexity of distributed systems, the multitude of possible scenarios, and the limited time available for test…

Software Engineering · Computer Science 2025-09-09 Thiago Barradas , Aline Paes , Vânia de Oliveira Neves

The Rust programming language restricts aliasing to provide static safety guarantees. However, in certain situations, developers need to bypass these guarantees by using a set of unsafe features. If they are used incorrectly, these features…

Software Engineering · Computer Science 2026-03-09 Ian McCormack , Tomas Dougan , Sam Estep , Hanan Hibshi , Jonathan Aldrich , Joshua Sunshine

Symbolic execution is a program analysis technique commonly utilized to determine whether programs violate properties and, in case violations are found, to generate inputs that can trigger them. Used in the context of security properties…

Programming Languages · Computer Science 2023-01-20 Ignacio Tiraboschi , Tamara Rezk , Xavier Rival

Web applications are the target of many well known exploits and also a fertile ground for the discovery of security vulnerabilities. Yet, the success of an exploit depends both on the vulnerability in the application source code and the…

Cryptography and Security · Computer Science 2018-08-30 Stanislav Dashevskyi , Daniel Ricardo dos Santos , Fabio Massacci , Antonino Sabetta