English
Related papers

Related papers: Data-Driven Vulnerability Detection and Repair in …

200 papers

Large language model fine-tuning APIs enable widespread model customization, yet pose significant safety risks. Recent work shows that adversaries can exploit access to these APIs to bypass model safety mechanisms by encoding harmful…

Machine Learning · Computer Science 2025-08-26 Jack Youstra , Mohammed Mahfoud , Yang Yan , Henry Sleight , Ethan Perez , Mrinank Sharma

Version control systems for source code, such as Git, are key tools in modern software development environments. Many developers use online services, such as GitHub or GitLab, for collaborative software development. While software projects…

Cryptography and Security · Computer Science 2022-11-15 Alexander Krause , Jan H. Klemmer , Nicolas Huaman , Dominik Wermke , Yasemin Acar , Sascha Fahl

The Ethereum ecosystem, which secures over $381 billion in assets, fundamentally relies on client APIs as the sole interface between users and the blockchain. However, these critical APIs suffer from widespread implementation…

Software Engineering · Computer Science 2026-05-15 Jie Ma , Ningyu He , Jinwen Xi , Mingzhe Xing , Liangxin Liu , Jiushenzi Luo , Xiaopeng Fu , Chiachih Wu , Haoyu Wang , Ying Gao , Yinliang Yue

Ensuring that large language models (LLMs) can effectively assess, detect, explain, and remediate software vulnerabilities is critical for building robust and secure software systems. We introduce VADER, a human-evaluated benchmark designed…

Cryptography and Security · Computer Science 2025-05-27 Ethan TS. Liu , Austin Wang , Spencer Mateega , Carlos Georgescu , Danny Tang

Malware authors commonly use obfuscation to hide API identities in binary files, making analysis difficult and time-consuming for a human expert to understand the behavior and intent of the program. Automatic API prediction tools are…

CONTEXT: Applying vulnerability detection techniques is one of many tasks using the limited resources of a software project. OBJECTIVE: The goal of this research is to assist managers and other decision-makers in making informed choices…

Software Engineering · Computer Science 2022-08-03 Sarah Elder , Nusrat Zahan , Rui Shu , Monica Metro , Valeri Kozarev , Tim Menzies , Laurie Williams

We conduct a large-scale measurement of developers' insecure practices leading to mini-app to super-app authentication bypass, among which hard-coding developer secrets for such authentication is a major contributor. We also analyze the…

Cryptography and Security · Computer Science 2023-07-19 Supraja Baskaran , Lianying Zhao , Mohammad Mannan , Amr Youssef

Code obfuscation is widely adopted in modern software development to protect intellectual property and hinder reverse engineering, but it also provides attackers with a powerful means to conceal malicious logic inside otherwise legitimate…

Cryptography and Security · Computer Science 2026-04-02 Francesco Pagano , Lorenzo Pisu , Leonardo Regano , Davide Maiorca , Alessio Merlo , Giorgio Giacinto

The use of open-source software (OSS) is ever-increasing, and so is the number of open-source vulnerabilities being discovered and publicly disclosed. The gains obtained from the reuse of community-developed libraries may be offset by the…

Cryptography and Security · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta

Identifying security issues early is encouraged to reduce the latent negative impacts on software systems. Code review is a widely-used method that allows developers to manually inspect modified code, catching security issues during a…

Software Engineering · Computer Science 2024-05-10 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

We present the design of something we call Confidentiality, Integrity and Authentication Sub-Frameworks, which are a part of a more general Java Data Security Framework (JDSF) designed to support various aspects related to data security…

Cryptography and Security · Computer Science 2016-04-04 Serguei A. Mokhov , Lee Wei Huynh , Jian Li , Farid Rassai

In this paper, we present a new framework, named GPTAid, for automatic APSRs generation by analyzing API source code with LLM and detecting API misuse caused by incorrect parameter use. To validate the correctness of the LLM-generated…

Cryptography and Security · Computer Science 2024-09-20 Jinghua Liu , Yi Yang , Kai Chen , Miaoqian Lin

Tracing the sequence of library and system calls that a program makes is very helpful in the characterization of its interactions with the surrounding environment and ultimately of its semantics. Due to entanglements of real-world software…

Cryptography and Security · Computer Science 2024-10-30 Daniele Cono D'Elia , Simone Nicchi , Matteo Mariani , Matteo Marini , Federico Palmaro

Context: Cryptographic APIs are said to be not usable and researchers suggest to add example code to the documentation. Aim: We wanted to create a free platform for cryptographic code examples that improves the usability and security of…

Cryptography and Security · Computer Science 2018-07-04 Kai Mindermann , Stefan Wagner

When building enterprise applications (EAs) on Java frameworks (e.g., Spring), developers often configure application components via metadata (i.e., Java annotations and XML files). It is challenging for developers to correctly use…

Software Engineering · Computer Science 2025-08-29 Md Mahir Asef Kabir , Xiaoyin Wang , Na Meng

Background: Despite the widespread use of automated security defect detection tools, software projects still contain many security defects that could result in serious damage. Such tools are largely context-insensitive and may not cover all…

Software Engineering · Computer Science 2023-07-06 Jiaxin Yu , Liming Fu , Peng Liang , Amjed Tahir , Mojtaba Shahin

Modern software design practice implies widespread use in the development of ready-made components, usually designed as external libraries. The undoubted advantages of reusing third-party code can be offset by integration errors that appear…

Software Engineering · Computer Science 2022-02-09 Vladislav Feofilaktov , Vladimir Itsykson

Security vulnerabilities present in a code that has been written in diverse programming languages are among the most critical yet complicated aspects of source code to detect. Static analysis tools based on rule-based patterns usually do…

Cryptography and Security · Computer Science 2025-08-19 Hael Abdulhakim Ali Humran , Ferdi Sonmez

We present AuthREST, an open-source security testing tool targeting broken authentication, one of the most prevalent API security risks in the wild. AuthREST automatically tests web APIs for credential stuffing, password brute forcing, and…

Cryptography and Security · Computer Science 2025-09-15 Davide Corradini , Mariano Ceccato , Mohammad Ghafari

While extremely valuable to achieve advanced functions, mobile phone sensors can be abused by attackers to implement malicious activities in Android apps, as experimentally demonstrated by many state-of-the-art studies. There is hence a…

Cryptography and Security · Computer Science 2022-01-19 Xiaoyu Sun , Xiao Chen , Kui Liu , Sheng Wen , Li Li , John Grundy