English
Related papers

Related papers: Cryptography Vulnerabilities on HackerOne

200 papers

Prior research has shown that cryptography is hard to use for developers. We aim to understand what cryptography issues developers face in practice. We clustered 91954 cryptography-related questions on the Stack Overflow website, and…

Cryptography and Security · Computer Science 2021-08-17 Mohammadreza Hazhirpasand , Oscar Nierstrasz , Mohammadhossein Shabani , Mohammad Ghafari

The security of the Internet rests on a small number of open-source cryptographic libraries: a vulnerability in any one of them threatens to compromise a significant percentage of web traffic. Despite this potential for security impact, the…

Cryptography and Security · Computer Science 2021-07-13 Jenny Blessing , Michael A. Specter , Daniel J. Weitzner

[Background] Previous research has shown that developers commonly misuse cryptography APIs. [Aim] We have conducted an exploratory study to find out how crypto APIs are used in open-source Java projects, what types of misuses exist, and why…

Cryptography and Security · Computer Science 2020-09-03 Mohammadreza Hazhirpasand , Mohammad Ghafari , Oscar Nierstrasz

Recent studies have shown that developers have difficulties in using cryptographic APIs, which often led to security flaws. We are interested to tackle this matter by looking into what types of problems exist in various crypto libraries. We…

Cryptography and Security · Computer Science 2021-11-03 Mohammadreza Hazhirpasand , Oscar Nierstrasz , Mohammad Ghafari

We surveyed 97 developers who had used cryptography in open-source projects, in the hope of identifying developer security and cryptography practices. We asked them about individual and company-level practices, and divided respondents into…

Cryptography and Security · Computer Science 2021-10-01 Mohammadreza Hazhirpasand , Oscar Nierstrasz , Mohammad Ghafari

Given programming languages can provide different types and levels of security support, it is critically important to consider security aspects while selecting programming languages for developing software systems. Inadequate consideration…

Software Engineering · Computer Science 2021-11-29 Roland Croft , Yongzheng Xie , Mansooreh Zahedi , M. Ali Babar , Christoph Treude

Cryptographic libraries, an essential part of cybersecurity, are shown to be susceptible to different types of attacks, including side-channel and memory-corruption attacks. In this article, we examine popular cryptographic libraries in…

Cryptography and Security · Computer Science 2026-05-21 Rodothea Myrsini Tsoupidi , Elena Troubitsyna , Panos Papadimitratos

Blockchain, as a distributed ledger technology, becomes increasingly popular, especially for enabling valuable cryptocurrencies and smart contracts. However, the blockchain software systems inevitably have many bugs. Although bugs in smart…

Cryptography and Security · Computer Science 2023-02-22 Xiao Yi , Daoyuan Wu , Lingxiao Jiang , Yuzhou Fang , Kehuan Zhang , Wei Zhang

Previous research has shown that crypto APIs are hard for developers to understand and difficult for them to use. They consequently rely on unvalidated boilerplate code from online resources where security vulnerabilities are common. We…

Cryptography and Security · Computer Science 2019-08-06 Mohammadreza Hazhirpasand , Mohammad Ghafari , Stefan Krüger , Eric Bodden , Oscar Nierstrasz

Cryptography is known as a challenging topic for developers. We studied StackOverflow posts to identify the problems that developers encounter when using Java Cryptography Architecture (JCA) for symmetric encryption. We investigated…

Cryptography and Security · Computer Science 2024-06-11 Ehsan Firouzi , Mohammad Ghafari

Cryptographic API misuse represents a critical vulnerability class that undermines the security foundations of modern software. Yet, it remains largely unexplored in Go despite its dominance in security-critical infrastructure. This paper…

Cryptography and Security · Computer Science 2026-04-28 Vivi Andersson , Martin Monperrus

Research has shown that cryptographic APIs are hard to use. Consequently, developers resort to using code examples available in online information sources that are often not secure. We have developed a web platform, named CryptoExplorer,…

Software Engineering · Computer Science 2020-01-06 Mohammadreza Hazhirpasand , Mohammad Ghafari , Oscar Nierstrasz

Traditionally, "Cryptography" is a benediction to information processing and communications, it helps people to store information securely and the private communications over long distances. Cryptovirology is the study of applications of…

Cryptography and Security · Computer Science 2011-08-12 Saurabh Anandrao Shivale

All computer programs have flaws, some of which can be exploited to gain unauthorized access to computer systems. We conducted a field study on publicly reported vulnerabilities affecting three open source software projects in widespread…

Software Engineering · Computer Science 2019-12-05 Raul Barbosa , Frederico Cerveira , Luis Goncalo , Henrique Madeira

Java platform and third-party libraries provide various security features to facilitate secure coding. However, misusing these features can cost tremendous time and effort of developers or cause security vulnerabilities in software. Prior…

Cryptography and Security · Computer Science 2017-09-29 Na Meng , Stefan Nagy , Daphne Yao , Wenjie Zhuang , Gustavo Arango Argoty

We propose a novel approach to improving software security called Cryptographic Path Hardening, which is aimed at hiding security vulnerabilities in software from attackers through the use of provably secure and obfuscated cryptographic…

Software Engineering · Computer Science 2012-02-03 Vijay Ganesh , Michael Carbin , Martin Rinard

This paper presents results from the MSR 2021 Hackathon. Our team investigates files/projects that contain known security vulnerabilities and how widespread they are throughout repositories in open source software. These security…

Software Engineering · Computer Science 2021-03-24 David Reid , Kalvin Eng , Chris Bogart , Adam Tutko

Modern software systems are developed in diverse programming languages and often harbor critical vulnerabilities that attackers can exploit to compromise security. These vulnerabilities have been actively targeted in real-world attacks,…

Cryptography and Security · Computer Science 2025-03-27 Zhuoyun Qian , Fangtian Zhong , Qin Hu , Yili Jiang , Jiaqi Huang , Mengfei Ren , Jiguo Yu

We systematize software side-channel attacks with a focus on vulnerabilities and countermeasures in the cryptographic implementations. Particularly, we survey past research literature to categorize vulnerable implementations, and identify…

Cryptography and Security · Computer Science 2019-12-13 Tianwei Zhang , Jun Jiang , Yinqian Zhang

Cryptocurrency is a novel exploration of a form of currency that proposes a decentralized electronic payment scheme based on blockchain technology and cryptographic theory. While cryptocurrency has the security characteristics of being…

Cryptography and Security · Computer Science 2025-03-31 Zekai Liu , Xiaoqi Li
‹ Prev 1 2 3 10 Next ›