English
Related papers

Related papers: Obfuscating Code Vulnerabilities against Static An…

200 papers
Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages

With the emergence of the Node.js ecosystem, JavaScript has become a widely-used programming language for implementing server-side web applications. In this paper, we present the first empirical study of static code analysis tools for…

Cryptography and Security · Computer Science 2023-08-07 Tiago Brito , Mafalda Ferreira , Miguel Monteiro , Pedro Lopes , Miguel Barros , José Fragoso Santos , Nuno Santos
Longitudinal Analyses of SAST Tools: A CodeQL Case Study

Open-source software (OSS) pipelines rely on automated static analysis tools to prevent the introduction of vulnerabilities in code. However, there is limited understanding of the efficacy of these tools across the OSS ecosystem over time.…

Cryptography and Security · Computer Science 2026-05-11 Jean-Charles Noirot Ferrand , Kyle Domico , Yohan Beugin , Patrick McDaniel
A Systematic Study of Code Obfuscation Against LLM-based Vulnerability Detection

As large language models (LLMs) are increasingly adopted for code vulnerability detection, their reliability and robustness across diverse vulnerability types have become a pressing concern. In traditional adversarial settings, code…

Cryptography and Security · Computer Science 2025-12-19 Xiao Li , Yue Li , Hao Wu , Yue Zhang , Yechao Zhang , Fengyuan Xu , Sheng Zhong
Breaking Obfuscation: Cluster-Aware Graph with LLM-Aided Recovery for Malicious JavaScript Detection

With the rapid expansion of web-based applications and cloud services, malicious JavaScript code continues to pose significant threats to user privacy, system integrity, and enterprise security. But, detecting such threats remains…

Cryptography and Security · Computer Science 2025-07-31 Zhihong Liang , Xin Wang , Zhenhuang Hu , Liangliang Song , Lin Chen , Jingjing Guo , Yanbin Wang , Ye Tian
OBsmith: LLM-Powered JavaScript Obfuscator Testing

JavaScript obfuscators are widely deployed to protect intellectual property and resist reverse engineering, yet their correctness has been largely overlooked compared to performance and resilience. Existing evaluations typically measure…

Software Engineering · Computer Science 2026-03-03 Shan Jiang , Chenguang Zhu , Sarfraz Khurshid
From Obfuscated to Obvious: A Comprehensive JavaScript Deobfuscation Tool for Security Analysis

JavaScript's widespread adoption has made it an attractive target for malicious attackers who employ sophisticated obfuscation techniques to conceal harmful code. Current deobfuscation tools suffer from critical limitations that severely…

Cryptography and Security · Computer Science 2025-12-17 Dongchao Zhou , Lingyun Ying , Huajun Chai , Dongbin Wang
An Empirical Study of Static Analysis Tools for Secure Code Review

Early identification of security issues in software development is vital to minimize their unanticipated impacts. Code review is a widely used manual analysis method that aims to uncover security issues along with other coding issues in…

Software Engineering · Computer Science 2024-07-18 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude
The Code Barrier: What LLMs Actually Understand?

Understanding code represents a core ability needed for automating software development tasks. While foundation models like LLMs show impressive results across many software engineering challenges, the extent of their true semantic…

Software Engineering · Computer Science 2025-04-16 Serge Lionel Nikiema , Jordan Samhi , Abdoul Kader Kaboré , Jacques Klein , Tegawendé F. Bissyandé
Optimizing Away JavaScript Obfuscation

JavaScript is a popular attack vector for releasing malicious payloads on unsuspecting Internet users. Authors of this malicious JavaScript often employ numerous obfuscation techniques in order to prevent the automatic detection by…

Cryptography and Security · Computer Science 2020-09-22 Adrian Herrera
Comparison of Static Application Security Testing Tools and Large Language Models for Repo-level Vulnerability Detection

Software vulnerabilities pose significant security challenges and potential risks to society, necessitating extensive efforts in automated vulnerability detection. There are two popular lines of work to address automated vulnerability…

Software Engineering · Computer Science 2024-07-24 Xin Zhou , Duc-Manh Tran , Thanh Le-Cong , Ting Zhang , Ivana Clairine Irsan , Joshua Sumarlin , Bach Le , David Lo
Learning Algorithms in Static Analysis of Web Applications

Web applications are distributed applications, they are programs that run on more than one computer and communicate through a network or server. This very distributed nature of web applications, combined with the scale and sheer complexity…

Cryptography and Security · Computer Science 2022-10-17 Akash Nagaraj , Bishesh Sinha , Mukund Sood , Yash Mathur , Sanchika Gupta , Dinkar Sitaram
Static Application Security Testing (SAST) Tools for Smart Contracts: How Far Are We?

In recent years, the importance of smart contract security has been heightened by the increasing number of attacks against them. To address this issue, a multitude of static application security testing (SAST) tools have been proposed for…

Software Engineering · Computer Science 2024-07-02 Kaixuan Li , Yue Xue , Sen Chen , Han Liu , Kairan Sun , Ming Hu , Haijun Wang , Yang Liu , Yixiang Chen
Disappearing Ink: Obfuscation Breaks N-gram Code Watermarks in Theory and Practice

Distinguishing AI-generated code from human-written code is becoming crucial for tasks such as authorship attribution, content tracking, and misuse detection. Based on this, N-gram-based watermarking schemes have emerged as prominent, which…

Cryptography and Security · Computer Science 2025-07-09 Gehao Zhang , Eugene Bagdasarian , Juan Zhai , Shiqing Ma
Evaluation of Static Analysis Tools for Finding Vulnerabilities in Java and C/C++ Source Code

It is quite common for security testing to be delayed until after the software has been developed, but vulnerabilities may get noticed throughout the implementation phase and the earlier they are discovered, the easier and cheaper it will…

Software Engineering · Computer Science 2018-05-25 Rahma Mahmood , Qusay H. Mahmoud
CASTLE: Benchmarking Dataset for Static Code Analyzers and LLMs towards CWE Detection

Identifying vulnerabilities in source code is crucial, especially in critical software components. Existing methods such as static analysis, dynamic analysis, formal verification, and recently Large Language Models are widely used to detect…

Cryptography and Security · Computer Science 2025-04-01 Richard A. Dubniczky , Krisztofer Zoltán Horvát , Tamás Bisztray , Mohamed Amine Ferrag , Lucas C. Cordeiro , Norbert Tihanyi
Assessment of Source Code Obfuscation Techniques

Obfuscation techniques are a general category of software protections widely adopted to prevent malicious tampering of the code by making applications more difficult to understand and thus harder to modify. Obfuscation techniques are…

Software Engineering · Computer Science 2017-04-10 Alessio Viticchié , Leonardo Regano , Marco Torchiano , Cataldo Basile , Mariano Ceccato , Paolo Tonella , Roberto Tiella
Causative Insights into Open Source Software Security using Large Language Code Embeddings and Semantic Vulnerability Graph

Open Source Software (OSS) security and resilience are worldwide phenomena hampering economic and technological innovation. OSS vulnerabilities can cause unauthorized access, data breaches, network disruptions, and privacy violations,…

Software Engineering · Computer Science 2024-01-17 Nafis Tanveer Islam , Gonzalo De La Torre Parra , Dylan Manual , Murtuza Jadliwala , Peyman Najafirad
JConstHide: A Framework for Java Source Code Constant Hiding

Software obfuscation or obscuring a software is an approach to defeat the practice of reverse engineering a software for using its functionality illegally in the development of another software. Java applications are more amenable to…

Cryptography and Security · Computer Science 2009-04-23 Praveen Sivadasan , P Sojan Lal
Finding 709 Defects in 258 Projects: An Experience Report on Applying CodeQL to Open-Source Embedded Software (Experience Paper) -- Extended Report

In this experience paper, we report on a large-scale empirical study of Static Application Security Testing (SAST) in Open-Source Embedded Software (EMBOSS) repositories. We collected a corpus of 258 of the most popular EMBOSS projects, and…

Software Engineering · Computer Science 2025-04-28 Mingjie Shen , Akul Abhilash Pillai , Brian A. Yuan , James C. Davis , Aravind Machiry
FV8: A Forced Execution JavaScript Engine for Detecting Evasive Techniques

Evasion techniques allow malicious code to never be observed. This impacts significantly the detection capabilities of tools that rely on either dynamic or static analysis, as they never get to process the malicious code. The dynamic nature…

Cryptography and Security · Computer Science 2024-05-24 Nikolaos Pantelaios , Alexandros Kapravelos
‹ Prev 1 2 3 10 Next ›