English
Related papers

Related papers: Enhancing CryptoGuards Deployability for Continuou…

200 papers
CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects

Cryptographic API misuses, such as exposed secrets, predictable random numbers, and vulnerable certificate verification, seriously threaten software security. The vision of automatically screening cryptographic API calls in massive-sized…

Cryptography and Security · Computer Science 2019-03-28 Sazzadur Rahaman , Ya Xiao , Sharmin Afrose , Fahad Shaon , Ke Tian , Miles Frantz , Danfeng , Yao , Murat Kantarcioglu
Evaluation of Static Analysis Tools for Finding Vulnerabilities in Java and C/C++ Source Code

It is quite common for security testing to be delayed until after the software has been developed, but vulnerabilities may get noticed throughout the implementation phase and the earlier they are discovered, the easier and cheaper it will…

Software Engineering · Computer Science 2018-05-25 Rahma Mahmood , Qusay H. Mahmoud
Evaluation of Static Vulnerability Detection Tools with Java Cryptographic API Benchmarks

Several studies showed that misuses of cryptographic APIs are common in real-world code (e.g., Apache projects and Android apps). There exist several open-sourced and commercial security tools that automatically screen Java programs to…

Cryptography and Security · Computer Science 2021-12-09 Sharmin Afrose , Ya Xiao , Sazzadur Rahaman , Barton P. Miller , Danfeng , Yao
CRYLOGGER: Detecting Crypto Misuses Dynamically

Cryptographic (crypto) algorithms are the essential ingredients of all secure systems: crypto hash functions and encryption algorithms, for example, can guarantee properties such as integrity and confidentiality. Developers, however, can…

Cryptography and Security · Computer Science 2020-09-07 Luca Piccolboni , Giuseppe Di Guglielmo , Luca P. Carloni , Simha Sethumadhavan
A Smart and Defensive Human-Machine Approach to Code Analysis

Static analysis remains one of the most popular approaches for detecting and correcting poor or vulnerable program code. It involves the examination of code listings, test results, or other documentation to identify errors, violations of…

Artificial Intelligence · Computer Science 2021-08-27 Fitzroy D. Nembhard , Marco M. Carvalho
Industrial Experience of Finding Cryptographic Vulnerabilities in Large-scale Codebases

Enterprise environment often screens large-scale (millions of lines of code) codebases with static analysis tools to find bugs and vulnerabilities. Parfait is a static code analysis tool used in Oracle to find security vulnerabilities in…

Software Engineering · Computer Science 2022-01-04 Ya Xiao , Yang Zhao , Nicholas Allen , Nathan Keynes , Danfeng , Yao , Cristina Cifuentes
Towards Immediate Feedback for Security Relevant Code in Development Environments

Nowadays, the correct use of cryptography libraries is essential to ensure the necessary information security in different kinds of applications. A common practice in software development is the use of static application security testing…

Software Engineering · Computer Science 2022-07-08 Markus Haug Ana Cristina Franco Da Silva , Stefan Wagner
Static Security Vulnerability Scanning of Proprietary and Open-Source Software: An Adaptable Process with Variants and Results

Software vulnerabilities remain a significant risk factor in achieving security objectives within software development organizations. This is especially true where either proprietary or open-source software (OSS) is included in the…

Software Engineering · Computer Science 2025-09-23 James J. Cusick
A Static Analysis Platform for Investigating Security Trends in Repositories

Static analysis tools come in many forms andconfigurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc., and adapt to the specific requirements…

Software Engineering · Computer Science 2023-04-05 Tim Sonnekalb , Christopher-Tobias Knaust , Bernd Gruner , Clemens-Alexander Brust , Lynn von Kurnatowski , Andreas Schreiber , Thomas S. Heinze , Patrick Mäder
Many Tools, Few Exploitable Vulnerabilities: A Survey of 246 Static Code Analyzers for Security

Static security analysis is a widely used technique for detecting software vulnerabilities across a wide range of weaknesses, application domains, and programming languages. While prior work surveyed static analyzes for specific weaknesses…

Cryptography and Security · Computer Science 2026-02-23 Kevin Hermann , Sven Peldszus , Thorsten Berger
Advanced Vulnerability Scanning for Open Source Software: Detection and Mitigation of Log4j Vulnerabilities

Automated detection of software vulnerabilities remains a critical challenge in software security. Log4j is an industrial-grade Java logging framework listed as one of the top 100 critical open source projects. On Dec. 10, 2021 a severe…

Software Engineering · Computer Science 2026-01-05 Victor Wen , Zedong Peng
Conversational Code Analysis: The Future of Secure Coding

The area of software development and secure coding can benefit significantly from advancements in virtual assistants. Research has shown that many coders neglect security in favor of meeting deadlines. This shortcoming leaves systems…

Cryptography and Security · Computer Science 2021-05-14 Fitzroy D. Nembhard , Marco M. Carvalho
Secure Coding Practices in Java: Challenges and Vulnerabilities

Java platform and third-party libraries provide various security features to facilitate secure coding. However, misusing these features can cost tremendous time and effort of developers or cause security vulnerabilities in software. Prior…

Cryptography and Security · Computer Science 2017-09-29 Na Meng , Stefan Nagy , Daphne Yao , Wenjie Zhuang , Gustavo Arango Argoty
Detecting Vulnerabilities in Encrypted Software Code while Ensuring Code Privacy

Software vulnerabilities continue to be the primary cause of cyberattacks. It is crucial to identify vulnerabilities in applications' source code before attackers gain access to them and exploit any vulnerability they may contain.…

Software Engineering · Computer Science 2026-05-26 Jorge Martins , David Dantas , Rafael Ramires , Bernardo Ferreira , Ibéria Medeiros
Cryptoscope: Analyzing cryptographic usages in modern software

The advent of quantum computing poses a significant challenge as it has the potential to break certain cryptographic algorithms, necessitating a proactive approach to identify and modernize cryptographic code. Identifying these…

Cryptography and Security · Computer Science 2025-03-26 Micha Moffie , Omer Boehm , Anatoly Koyfman , Eyal Bin , Efrayim Sztokman , Sukanta Bhattacharjee , Meghnath Saha , James McGugan
CryptoExplorer: An Interactive Web Platform Supporting Secure Use of Cryptography APIs

Research has shown that cryptographic APIs are hard to use. Consequently, developers resort to using code examples available in online information sources that are often not secure. We have developed a web platform, named CryptoExplorer,…

Software Engineering · Computer Science 2020-01-06 Mohammadreza Hazhirpasand , Mohammad Ghafari , Oscar Nierstrasz
CryptoGuard: An AI-Based Cryptojacking Detection Dashboard Prototype

With the widespread adoption of cryptocurrencies, cryptojacking has become a significant security threat to crypto wallet users. This paper presents a front-end prototype of an AI-powered security dashboard, namely, CryptoGuard. Developed…

Cryptography and Security · Computer Science 2025-09-12 Amitabh Chakravorty , Jess Kropczynski , Nelly Elsayed
Annotation-Based Static Analysis for Personal Data Protection

This paper elaborates the use of static source code analysis in the context of data protection. The topic is important for software engineering in order for software developers to improve the protection of personal data during software…

Software Engineering · Computer Science 2020-03-24 Kalle Hjerppe , Jukka Ruohonen , Ville Leppänen
GitHub's Copilot Code Review: Can AI Spot Security Flaws Before You Commit?

As software development practices increasingly adopt AI-powered tools, ensuring that such tools can support secure coding has become critical. This study evaluates the effectiveness of GitHub Copilot's recently introduced code review…

Software Engineering · Computer Science 2025-09-18 Amena Amro , Manar H. Alalfi
CoinWatch: A Clone-Based Approach For Detecting Vulnerabilities in Cryptocurrencies

Cryptocurrencies have become very popular in recent years. Thousands of new cryptocurrencies have emerged, proposing new and novel techniques that improve on Bitcoin's core innovation of the blockchain data structure and consensus…

Cryptography and Security · Computer Science 2020-10-29 Qingze Hum , Wei Jin Tan , Shi Ying Tey , Latasha Lenus , Ivan Homoliak , Yun Lin , Jun Sun
‹ Prev 1 2 3 10 Next ›