English
Related papers

Related papers: Data-Driven Vulnerability Detection and Repair in …

200 papers

Cryptographic API misuse represents a critical vulnerability class that undermines the security foundations of modern software. Yet, it remains largely unexplored in Go despite its dominance in security-critical infrastructure. This paper…

Cryptography and Security · Computer Science 2026-04-28 Vivi Andersson , Martin Monperrus

Frequently advised secure development recommendations often fall short in practice for app developers. Tool-driven (e.g., using static analysis tools) approaches lack context and domain-specific requirements of an app being tested. App…

Software Engineering · Computer Science 2021-11-04 Muhammad Sajidur Rahman , Blas Kojusner , Ryon Kennedy , Prerit Pathak , Lin Qi , Byron Williams

Advancing our understanding of software vulnerabilities, automating their identification, the analysis of their impact, and ultimately their mitigation is necessary to enable the development of software that is more secure. While operating…

Software Engineering · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta , Michele Bezzi , Cédric Dangremont

Java applications are prone to vulnerabilities stemming from the insecure use of security-sensitive APIs, such as file operations enabling path traversal or deserialization routines allowing remote code execution. These sink APIs encode…

Cryptography and Security · Computer Science 2026-04-21 Fabian Fleischer , Cen Zhang , Joonun Jang , Jeongin Cho , Meng Xu , Taesoo Kim

This paper presents the source code analysis of a file reader server socket program (connection-oriented sockets) developed in Java, to illustrate the identification, impact analysis and solutions to remove five important software security…

Cryptography and Security · Computer Science 2014-12-02 Natarajan Meghanathan

Android allows apps to communicate with its system services via system service helpers so that these apps can use various functions provided by the system services. Meanwhile, the system services rely on their service helpers to enforce…

Cryptography and Security · Computer Science 2022-03-25 Yi He , Yacong Gu , Purui Su , Kun Sun , Yajin Zhou , Zhi Wang , Qi Li

Despite huge software engineering efforts and programming language support, resource and memory leaks are still a troublesome issue, even in memory-managed languages such as Java. Understanding the properties of leak-inducing defects, how…

Software Engineering · Computer Science 2019-12-17 Mohammadreza Ghanavati , Diego Costa , Janos Seboek , David Lo , Artur Andrzejak

Background: Previous studies have shown that up to 99.59 % of the Java apps using crypto APIs misuse the API at least once. However, these studies have been conducted on Java and C, while empirical studies for other languages are missing.…

Software Engineering · Computer Science 2021-09-03 Anna-Katharina Wickert , Lars Baumgärtner , Florian Breitfelder , Mira Mezini

As software vulnerabilities increase in both volume and complexity, vendors often struggle to repair them promptly. Automated vulnerability repair has emerged as a promising solution to reduce the burden of manual debugging and fixing…

Software Engineering · Computer Science 2024-11-28 Bo Lin , Shangwen Wang , Liqian Chen , Xiaoguang Mao

Data science libraries, such as scikit-learn and pandas, specialize in processing and manipulating data. The data-centric nature of these libraries makes the detection of API misuse in them more challenging. This paper introduces DSCHECKER,…

Software Engineering · Computer Science 2025-10-01 Akalanka Galappaththi , Francisco Ribeiro , Sarah Nadi

Nowadays, an increasing number of applications uses deserialization. This technique, based on rebuilding the instance of objects from serialized byte streams, can be dangerous since it can open the application to attacks such as remote code…

Cryptography and Security · Computer Science 2022-08-18 Imen Sayar , Alexandre Bartel , Eric Bodden , Yves Le Traon

Modern software development depends on APIs to reuse code and increase productivity. As most software systems, these libraries and frameworks also evolve, which may break existing clients. However, the main reasons to introduce breaking…

Software Engineering · Computer Science 2018-08-09 Aline Brito , Laerte Xavier , Andre Hora , Marco Tulio Valente

Developers usually use TPLs to facilitate the development of the projects to avoid reinventing the wheels, however, the vulnerable TPLs indeed cause severe security threats. The majority of existing research only considered whether projects…

Software Engineering · Computer Science 2024-09-05 Fangyuan Zhang , Lingling Fan , Sen Chen , Miaoying Cai , Sihan Xu , Lida Zhao

RESTful APIs based on HTTP are one of the most important ways to make data and functionality available to applications and software services. However, the quality of the API design strongly impacts API understandability and usability, and…

Software Engineering · Computer Science 2024-09-12 Justus Bogner , Sebastian Kotstein , Daniel Abajirov , Timothy Ernst , Manuel Merkel

Usability issues that exist in security APIs cause programmers to embed those security APIs incorrectly to the applications they develop. This results in introduction of security vulnerabilities to those applications. One of the main…

Cryptography and Security · Computer Science 2017-06-13 Chamila Wijayarathna , Nalin Asanka Gamagedara Arachchilage , Jill Slay

BACKGROUND: Vulnerable dependencies are a known problem in today's open-source software ecosystems because OSS libraries are highly interconnected and developers do not always update their dependencies. AIMS: In this paper we aim to present…

Software Engineering · Computer Science 2018-08-30 Ivan Pashchenko , Henrik Plate , Serena Elisa Ponta , Antonino Sabetta , Fabio Massacci

Web communication has become an indispensable characteristic of mobile apps. However, it is not clear what data the apps transmit, to whom, and what consequences such transmissions have. We analyzed the web communications found in mobile…

Cryptography and Security · Computer Science 2020-06-03 Pascal Gadient , Mohammad Ghafari , Marc-Andrea Tarnutzer , Oscar Nierstrasz

Producing secure software is challenging. The poor usability of security APIs makes this even harder. Many recommendations have been proposed to support developers by improving the usability of cryptography libraries and APIs; rooted in…

Cryptography and Security · Computer Science 2021-05-06 Nikhil Patnaik , Andrew C. Dwyer , Joseph Hallett , Awais Rashid

APIs are the primary mechanism for developers to gain access to externally defined services and tools. However, previous research has revealed API misuses that violate the contract of APIs to be prevalent. Such misuses can have harmful…

Cryptography and Security · Computer Science 2021-05-18 Rodrigo Bonifacio , Stefan Krüger , Krishna Narasimhan , Eric Bodden , Mira Mezini

OAuth protocols have been widely adopted to simplify user authentication and service authorization for third-party applications. However, little effort has been devoted to automatically checking the security of the libraries that service…

Cryptography and Security · Computer Science 2023-08-30 Tamjid Al Rahat , Yu Feng , Yuan Tian