"False negative - that one is going to kill you": Understanding Industry Perspectives of Static Analysis based Security Testing
The demand for automated security analysis techniques, such as static analysis based
security testing (SAST) tools continues to increase. To develop SASTs that are effectively …
Improving java deserialization gadget chain mining via overriding-guided object generation
Java (de)serialization is prone to causing security-critical vulnerabilities that attackers can
invoke existing methods (gadgets) on the application's classpath to construct a gadget chain …
Comparison and Evaluation on Static Application Security Testing (SAST) Tools for Java
Static application security testing (SAST) takes a significant role in the software development
life cycle (SDLC). However, it is challenging to comprehensively evaluate the effectiveness …
Automatic testing and benchmarking for configurable static analysis tools
A Mordahl - Proceedings of the 32nd ACM SIGSOFT International …, 2023 - dl.acm.org
Static analysis is an important tool for detecting bugs in real-world software. The advent of
numerous analysis algorithms with their own tradeoffs has led to the proliferation of …
Fluently specifying taint-flow queries with fluentTQL
Previous work has shown that taint analyses are only useful if correctly customized to the
context in which they are used. Existing domain-specific languages (DSLs) allow such …
Demystifying Template-Based Invariant Generation for Bit-Vector Programs
The template-based approach to invariant generation is a parametric and relatively
complete methodology for inferring loop invariants. The relative completeness ensures the …
Reducing the memory footprint of IFDS-based data-flow analyses using fine-grained garbage collection
The IFDS algorithm can be both memory- and compute-intensive for large programs as it
needs to store a huge amount of path edges in memory and process them until a fixed point …
A permission-carrying security policy and static enforcement for information flows in Android programs
X Liu, K Liu - Computers & Security, 2023 - Elsevier
To detect information leaks in Android programs, existing taint analysis approaches usually
specify and enforce (statically or dynamically) the two-level information flow policy …
Understanding and Finding Java Decompiler Bugs
Java decompilers are programs that perform the reverse process of Java compilers, i.e., they
translate Java bytecode to Java source code. They are essential for reverse engineering …
Sensitive and Personal Data: What Exactly Are You Talking About?
Mobile devices are pervasively used for a variety of tasks, including the processing of
sensitive data in mobile apps. While in most cases access to this data is legitimate, malware …