English
Related papers

Related papers: Code-based Vulnerability Detection in Node.js Appl…

200 papers

A precise vulnerability discovery model (VDM) will provide a useful insight to assess software security, and could be a good prediction instrument for both software vendors and users to understand security trends and plan ahead patching…

Cryptography and Security · Computer Science 2018-08-30 Viet Hung Nguyen , Fabio Massacci

Reviewing source code from a security perspective has proven to be a difficult task. Indeed, previous research has shown that developers often miss even popular and easy-to-detect vulnerabilities during code review. Initial evidence…

Software Engineering · Computer Science 2022-02-15 Larissa Braz , Christian Aeberhard , Gül Çalikli , Alberto Bacchelli

Knowing what sensitive resources a dependency could potentially access would help developers assess the risk of a dependency before selection. One way to get an understanding of the potential sensitive resource usage by a dependency is…

Cryptography and Security · Computer Science 2025-03-19 Imranur Rahman , Ranidya Paramitha , Henrik Plate , Dominik Wermke , Laurie Williams

Understanding the common vulnerabilities in web applications help businesses be better prepared in protecting their data against such attacks. With the knowledge gained from research users and developers can be better equipped to deal with…

Cryptography and Security · Computer Science 2020-12-21 Matthew Bach-Nutman

Using open-source dependencies is essential in modern software development. However, this practice implies significant trust in third-party code, while there is little support for developers to assess this trust. As a consequence, attacks…

Software Engineering · Computer Science 2025-09-08 Raphina Liu , Sofia Bobadilla , Benoit Baudry , Martin Monperrus

Relying on dependency packages accelerates software development, but it also increases the exposure to security vulnerabilities that may be present in dependencies. While developers have full control over which dependency packages (and…

Software Engineering · Computer Science 2023-10-13 Abbas Javan Jafari , Diego Elias Costa , Ahmad Abdellatif , Emad Shihab

NVD is one of the most popular databases used by researchers to conduct empirical research on data sets of vulnerabilities. Our recent analysis on Chrome vulnerability data reported by NVD has revealed an abnormally phenomenon in the data…

Cryptography and Security · Computer Science 2013-02-19 Viet Hung Nguyen , Fabio Massacci

JavaScript packages are notoriously prone to bloat, a factor that significantly impacts the performance and maintainability of web applications. While web bundlers and tree-shaking can mitigate this issue in client-side applications,…

Software Engineering · Computer Science 2025-05-22 Yuxin Liu , Deepika Tiwari , Cristian Bogdan , Benoit Baudry

With the climate crisis looming, engineering sustainable software systems become crucial to optimize resource utilization, minimize environmental impact, and foster a greener, more resilient digital ecosystem. For developers, getting access…

Software Engineering · Computer Science 2025-06-12 Priyavanshi Pathania , Rohit Mehra , Vibhu Saujanya Sharma , Vikrant Kaulgud , Sanjay Podder , Adam P. Burden

Software vulnerabilities in source code pose serious cybersecurity risks, prompting a shift from traditional detection methods (e.g., static analysis, rule-based matching) to AI-driven approaches. This study presents a systematic review of…

Software Engineering · Computer Science 2025-06-13 Samiha Shimmi , Hamed Okhravi , Mona Rahimi

Quality assurance is of great importance for deep learning (DL) systems, especially when they are applied in safety-critical applications. While quality issues of native DL applications have been extensively analyzed, the issues of…

Software Engineering · Computer Science 2022-09-13 Lili Quan , Qianyu Guo , Xiaofei Xie , Sen Chen , Xiaohong Li , Yang Liu

The advancements in machine learning techniques have encouraged researchers to apply these techniques to a myriad of software engineering tasks that use source code analysis, such as testing and vulnerability detection. Such a large number…

Software Engineering · Computer Science 2022-09-14 Tushar Sharma , Maria Kechagia , Stefanos Georgiou , Rohit Tiwari , Indira Vats , Hadi Moazen , Federica Sarro

As the number of web applications and API endpoints exposed to the Internet continues to grow, so does the number of exploitable vulnerabilities. Manually identifying such vulnerabilities is tedious. Meanwhile, static security scanners tend…

Cryptography and Security · Computer Science 2025-12-17 Felix Mächtle , Nils Loose , Tim Schulz , Florian Sieck , Jan-Niclas Serr , Ralf Möller , Thomas Eisenbarth

Context: Cryptographic APIs are said to be not usable and researchers suggest to add example code to the documentation. Aim: We wanted to create a free platform for cryptographic code examples that improves the usability and security of…

Cryptography and Security · Computer Science 2018-07-04 Kai Mindermann , Stefan Wagner

Many Android applications embed webpages via WebView components and execute JavaScript code within Android. Hybrid applications leverage dedicated APIs to load a resource and render it in a WebView. Furthermore, Android objects can be…

Cryptography and Security · Computer Science 2020-08-06 Abhishek Tiwari , Jyoti Prakash , Sascha Gross , Christian Hammer

Reliability prediction is crucial for ensuring the safety and security of software systems, especially in the context of industry practices. While various metrics and measurements are employed to assess software reliability, the complexity…

Software Engineering · Computer Science 2025-07-29 Dapeng Yan , Wenjie Yang , Kui Liu , Zhiming Liu , Zhikuang Cai

Context: Smart contract vulnerabilities pose significant security risks for the Ethereum ecosystem, driving the development of automated tools for detection and mitigation. Smart contracts are written in Solidity, a programming language…

Software Engineering · Computer Science 2025-04-09 Gerardo Iuliano , Davide Corradini , Michele Pasqua , Mariano Ceccato , Dario Di Nucci

Open-source projects are essential to software development, but publicly disclosing vulnerabilities without fixes increases the risk of exploitation. The Open Source Security Foundation (OpenSSF) addresses this issue by promoting robust…

The common use case of code smells assumes causality: Identify a smell, remove it, and by doing so improve the code. We empirically investigate their fitness to this use. We present a list of properties that code smells should have if they…

Software Engineering · Computer Science 2024-01-17 Idan Amit , Nili Ben Ezra , Dror G. Feitelson

Software built on poor structural patterns often shows higher exposure to security defects. When code differs from established best practices, verification and maintenance become increasingly difficult, thereby raising the risk of…

Cryptography and Security · Computer Science 2026-01-26 Masoud Jamshidiyan Tehrani