Automatic detection of Java cryptographic API misuses: Are we there yet?

Y Zhang, MMA Kabir, Y Xiao, D Yao… - IEEE Transactions on …, 2022 - ieeexplore.ieee.org
The Java platform provides various cryptographic APIs to facilitate secure coding. However,
correctly using these APIs is challenging for developers who lack cybersecurity training …

D2A: A dataset built for AI-based vulnerability detection methods using differential analysis

Y Zheng, S Pujar, B Lewis, L Buratti… - 2021 IEEE/ACM …, 2021 - ieeexplore.ieee.org
Static analysis tools are widely used for vulnerability detection as they understand programs
with complex behavior and millions of lines of code. Despite their popularity, static analysis …

CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs

S Krüger, J Späth, K Ali, E Bodden… - IEEE Transactions on …, 2019 - ieeexplore.ieee.org
Various studies have empirically shown that the majority of Java and Android applications
misuse cryptographic libraries, causing devastating breaches of data security. It is crucial to …

CryptoGuard: High precision detection of cryptographic vulnerabilities in massive-sized Java projects

S Rahaman, Y Xiao, S Afrose, F Shaon, K Tian… - Proceedings of the …, 2019 - dl.acm.org
Cryptographic API misuses, such as exposed secrets, predictable random numbers, and
vulnerable certificate verification, seriously threaten software security. The vision of …

Learning to represent edits

P Yin, G Neubig, M Allamanis, M Brockschmidt… - arXiv preprint arXiv …, 2018 - arxiv.org
We introduce the problem of learning distributed representations of edits. By combining a
"neural editor" with an "edit encoder", our models learn to represent the salient information of …

Practical Security Analysis of Zero-Knowledge Proof Circuits

H Wen, J Stephens, Y Chen, K Ferles… - 33rd USENIX Security …, 2024 - usenix.org
As privacy-sensitive applications based on zero-knowledge proofs (ZKPs) gain increasing
traction, there is a pressing need to detect vulnerabilities in ZKP circuits. This paper studies …

The evolution of type annotations in Python: an empirical study

L Di Grazia, M Pradel - Proceedings of the 30th ACM Joint European …, 2022 - dl.acm.org
Type annotations and gradual type checkers attempt to reveal errors and facilitate
maintenance in dynamically typed programming languages. Despite the availability of these …

An investigation into misuse of Java security APIs by large language models

Z Mousavi, C Islam, K Moore, A Abuadbba… - Proceedings of the 19th …, 2024 - dl.acm.org
The increasing trend of using Large Language Models (LLMs) for code generation raises
the question of their capability to generate trustworthy code. While many researchers are …

Negative results on mining crypto-API usage rules in Android apps

J Gao, P Kong, L Li, TF Bissyandé… - 2019 IEEE/ACM 16th …, 2019 - ieeexplore.ieee.org
Android app developers recurrently use crypto-APIs to provide data security to app users.
Unfortunately, misuse of APIs only creates an illusion of security and even exposes apps to …

Exposing library API misuses via mutation analysis

M Wen, Y Liu, R Wu, X Xie… - 2019 IEEE/ACM 41st …, 2019 - ieeexplore.ieee.org
Misuses of library APIs are pervasive and often lead to software crashes and vulnerability
issues. Various static analysis tools have been proposed to detect library API misuses. They …