English
Related papers

Related papers: Do I really need all this work to find vulnerabili…

200 papers

The current cybersecurity landscape is increasingly complex, with traditional Static Application Security Testing (SAST) tools struggling to capture complex and emerging vulnerabilities due to their reliance on rule-based matching.…

Cryptography and Security · Computer Science 2024-11-25 Mete Keltek , Rong Hu , Mohammadreza Fani Sani , Ziyue Li

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

In the past couple of decades, significant research efforts have been devoted to the prediction of software bugs (i.e., defects). In general, these works leverage a diverse set of metrics, tools, and techniques to predict which classes,…

Software Engineering · Computer Science 2024-08-06 Ehsan Mashhadi , Shaiful Chowdhury , Somayeh Modaberi , Hadi Hemmati , Gias Uddin

Software vulnerabilities can have serious consequences, which is why many techniques have been proposed to defend against them. Among these, vulnerability detection techniques are a major area of focus. However, there is a lack of a…

Software Engineering · Computer Science 2023-03-30 Yingzhou Bi , Jiangtao Huang , Penghui Liu , Lianmei Wang

Early identification of security issues in software development is vital to minimize their unanticipated impacts. Code review is a widely used manual analysis method that aims to uncover security issues along with other coding issues in…

Software Engineering · Computer Science 2024-07-18 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

The delivery of a framework in place for secure application development is of real value for application development teams to integrate security into their development life cycle, especially when a mobile or web application moves past the…

Cryptography and Security · Computer Science 2020-07-07 Jinfeng Li

Discovering vulnerabilities in applications of real-world complexity is a daunting task: a vulnerability may affect a single line of code, and yet it compromises the security of the entire application. Even worse, vulnerabilities may…

Cryptography and Security · Computer Science 2020-12-10 Gabriele Costa , Andrea Valenza

The use of open-source software (OSS) is ever-increasing, and so is the number of open-source vulnerabilities being discovered and publicly disclosed. The gains obtained from the reuse of community-developed libraries may be offset by the…

Cryptography and Security · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta

Our work explores the utilization of deep learning, specifically leveraging the CodeBERT model, to enhance code security testing for Python applications by detecting SQL injection vulnerabilities. Unlike traditional security testing methods…

Cryptography and Security · Computer Science 2025-08-29 Guan-Yan Yang , Yi-Heng Ko , Farn Wang , Kuo-Hui Yeh , Haw-Shiang Chang , Hsueh-Yi Chen

Applying security patches in open source software timely is critical for ensuring the security of downstream applications. However, it is challenging to apply these patches promptly because notifications of patches are often incomplete and…

Cryptography and Security · Computer Science 2024-06-11 Tianyu Chen , Lin Li , Taotao Qian , Jingyi Liu , Wei Yang , Ding Li , Guangtai Liang , Qianxiang Wang , Tao Xie

A precise vulnerability discovery model (VDM) will provide a useful insight to assess software security, and could be a good prediction instrument for both software vendors and users to understand security trends and plan ahead patching…

Cryptography and Security · Computer Science 2018-08-30 Viet Hung Nguyen , Fabio Massacci

Web services are becoming business-critical components, often deployed with critical software bugs that can be maliciously explored. Web vulnerability scanners allow the detection of security vulnerabilities in web services by stressing the…

Cryptography and Security · Computer Science 2022-12-26 Osejobe Ehichoya , Chinwuba Christian Nnaemeka

In software development, developers extensively utilize third-party libraries to avoid implementing existing functionalities. When a new third-party library vulnerability is disclosed, project maintainers need to determine whether their…

Software Engineering · Computer Science 2023-12-18 Zirui Chen , Xing Hu , Xin Xia , Yi Gao , Tongtong Xu , David Lo , Xiaohu Yang

Accurately assessing software vulnerabilities is essential for effective prioritization and remediation. While various scoring systems exist to support this task, their differing goals, methodologies and outputs often lead to inconsistent…

Cryptography and Security · Computer Science 2025-08-20 Viktoria Koscinski , Mark Nelson , Ahmet Okutan , Robert Falso , Mehdi Mirakhorli

The prevalence of security vulnerabilities has prompted companies to adopt static application security testing (SAST) tools for vulnerability detection. Nevertheless, these tools frequently exhibit usability limitations, as their generic…

Context: Software security patch management purports to support the process of patching known software security vulnerabilities. Given the increasing recognition of the importance of software security patch management, it is important and…

Software Engineering · Computer Science 2021-08-23 Nesara Dissanayake , Asangi Jayatilaka , Mansooreh Zahedi , M. Ali Babar

With the increase in software vulnerabilities that cause significant economic and social losses, automatic vulnerability detection has become essential in software development and maintenance. Recently, large language models (LLMs) like GPT…

Software Engineering · Computer Science 2024-04-15 Chenyuan Zhang , Hao Liu , Jiutian Zeng , Kejing Yang , Yuhong Li , Hui Li

Web applications require access to the file-system for many different tasks. When analyzing the security of a web application, secu- rity analysts should thus consider the impact that file-system operations have on the security of the whole…

Cryptography and Security · Computer Science 2017-05-11 Federico De Meo , Luca Viganò

Software vulnerability detection is critical in software security because it identifies potential bugs in software systems, enabling immediate remediation and mitigation measures to be implemented before they may be exploited. Automatic…

Software Engineering · Computer Science 2023-06-21 Nima Shiri Harzevili , Alvine Boaye Belle , Junjie Wang , Song Wang , Zhen Ming , Jiang , Nachiappan Nagappan

Web applications are distributed applications, they are programs that run on more than one computer and communicate through a network or server. This very distributed nature of web applications, combined with the scale and sheer complexity…

Cryptography and Security · Computer Science 2022-10-17 Akash Nagaraj , Bishesh Sinha , Mukund Sood , Yash Mathur , Sanchika Gupta , Dinkar Sitaram