English
Related papers

Related papers: Evaluation of Static Vulnerability Detection Tools…

200 papers

Cryptographic API misuses, such as exposed secrets, predictable random numbers, and vulnerable certificate verification, seriously threaten software security. The vision of automatically screening cryptographic API calls in massive-sized…

Cryptography and Security · Computer Science 2019-03-28 Sazzadur Rahaman , Ya Xiao , Sharmin Afrose , Fahad Shaon , Ke Tian , Miles Frantz , Danfeng , Yao , Murat Kantarcioglu

Context: Cryptographic APIs are often misused in real-world applications. Therefore, many cryptographic API misuse detection tools have been introduced. However, there exists no established reference benchmark for a fair and comprehensive…

Software Engineering · Computer Science 2022-04-14 Michael Schlichtig , Anna-Katharina Wickert , Stefan Krüger , Eric Bodden , Mira Mezini

The correct adoption of cryptography APIs is challenging for mainstream developers, often resulting in widespread API misuse. Meanwhile, cryptography misuse detectors have demonstrated inconsistent performance and remain largely…

Cryptography and Security · Computer Science 2024-09-11 Ehsan Firouzi , Mohammad Ghafari , Mike Ebrahimi

The Java libraries JCA and JSSE offer cryptographic APIs to facilitate secure coding. When developers misuse some of the APIs, their code becomes vulnerable to cyber-attacks. To eliminate such vulnerabilities, people built tools to detect…

Cryptography and Security · Computer Science 2022-05-02 Ying Zhang , Ya Xiao , Md Mahir Asef Kabir , Danfeng , Yao , Na Meng

Security Application Programming Interfaces (APIs) are crucial for ensuring software security. However, their misuse introduces vulnerabilities, potentially leading to severe data breaches and substantial financial loss. Complex API design,…

Cryptography and Security · Computer Science 2025-05-15 Zahra Mousavi , Chadni Islam , M. Ali Babar , Alsharif Abuadbba , Kristen Moore

Cryptographic API misuse represents a critical vulnerability class that undermines the security foundations of modern software. Yet, it remains largely unexplored in Go despite its dominance in security-critical infrastructure. This paper…

Cryptography and Security · Computer Science 2026-04-28 Vivi Andersson , Martin Monperrus

While the automated detection of cryptographic API misuses has progressed significantly, its precision diminishes for intricate targets due to the reliance on manually defined patterns. Large Language Models (LLMs) offer a promising…

Cryptography and Security · Computer Science 2026-03-19 Yifan Xia , Zichen Xie , Peiyu Liu , Kangjie Lu , Yan Liu , Wenhai Wang , Shouling Ji

Application Programming Interfaces (APIs) often have usage constraints, such as restrictions on call order or call conditions. API misuses, i.e., violations of these constraints, may lead to software crashes, bugs, and vulnerabilities.…

Software Engineering · Computer Science 2018-03-14 Sven Amann , Hoan Anh Nguyen , Sarah Nadi , Tien N. Nguyen , Mira Mezini

Recent studies have revealed that 87 % to 96 % of the Android apps using cryptographic APIs have a misuse which may cause security vulnerabilities. As previous studies did not conduct a qualitative examination of the validity and severity…

Cryptography and Security · Computer Science 2023-03-27 Anna-Katharina Wickert , Lars Baumgärtner , Michael Schlichtig , Krishna Narasimhan , Mira Mezini

Various studies have empirically shown that the majority of Java and Android apps misuse cryptographic libraries, causing devastating breaches of data security. Therefore, it is crucial to detect such misuses early in the development…

Software Engineering · Computer Science 2017-10-04 Stefan Krüger , Johannes Späth , Karim Ali , Eric Bodden , Mira Mezini

Research has shown that cryptographic APIs are hard to use. Consequently, developers resort to using code examples available in online information sources that are often not secure. We have developed a web platform, named CryptoExplorer,…

Software Engineering · Computer Science 2020-01-06 Mohammadreza Hazhirpasand , Mohammad Ghafari , Oscar Nierstrasz

The increasing development speed via Agile may introduce overlooked security steps in the process, with an example being the Iowa Caucus application. Verifying the protection of confidential information such as social security numbers…

Cryptography and Security · Computer Science 2022-01-20 Miles Frantz

Cryptographic (crypto) algorithms are the essential ingredients of all secure systems: crypto hash functions and encryption algorithms, for example, can guarantee properties such as integrity and confidentiality. Developers, however, can…

Cryptography and Security · Computer Science 2020-09-07 Luca Piccolboni , Giuseppe Di Guglielmo , Luca P. Carloni , Simha Sethumadhavan

[Background] Previous research has shown that developers commonly misuse cryptography APIs. [Aim] We have conducted an exploratory study to find out how crypto APIs are used in open-source Java projects, what types of misuses exist, and why…

Cryptography and Security · Computer Science 2020-09-03 Mohammadreza Hazhirpasand , Mohammad Ghafari , Oscar Nierstrasz

Background: Previous studies have shown that up to 99.59 % of the Java apps using crypto APIs misuse the API at least once. However, these studies have been conducted on Java and C, while empirical studies for other languages are missing.…

Software Engineering · Computer Science 2021-09-03 Anna-Katharina Wickert , Lars Baumgärtner , Florian Breitfelder , Mira Mezini

Enterprise environment often screens large-scale (millions of lines of code) codebases with static analysis tools to find bugs and vulnerabilities. Parfait is a static code analysis tool used in Oracle to find security vulnerabilities in…

Software Engineering · Computer Science 2022-01-04 Ya Xiao , Yang Zhao , Nicholas Allen , Nathan Keynes , Danfeng , Yao , Cristina Cifuentes

Java platform provides various APIs to facilitate secure coding. However, correctly using security APIs is usually challenging for developers who lack cybersecurity training. Prior work shows that many developers misuse security APIs; such…

Cryptography and Security · Computer Science 2021-02-16 Ying Zhang , Mahir Kabir , Ya Xiao , Danfeng , Yao , Na Meng

To identify security vulnerabilities in Android applications, numerous static application security testing (SAST) tools have been proposed. However, it poses significant challenges to assess their overall performance on diverse…

Software Engineering · Computer Science 2024-10-29 Jingyun Zhu , Kaixuan Li , Sen Chen , Lingling Fan , Junjie Wang , Xiaofei Xie

In recent years, various benchmark suites have been developed to evaluate the efficacy of Android security analysis tools. The choice of such benchmark suites used in tool evaluations is often based on the availability and popularity of…

Software Engineering · Computer Science 2020-02-05 Joydeep Mitra , Venkatesh-Prasad Ranganath , Aditya Narkar

Background. Developers use Automated Static Analysis Tools (ASATs) to control for potential quality issues in source code, including defects and technical debt. Tool vendors have devised quite a number of tools, which makes it harder for…

Software Engineering · Computer Science 2021-01-25 Valentina Lenarduzzi , Savanna Lujan , Nyyti Saarimaki , Fabio Palomba
‹ Prev 1 2 3 10 Next ›