Automatic detection of Java cryptographic API misuses: Are we there yet?
The Java platform provides various cryptographic APIs to facilitate secure coding. However,
correctly using these APIs is challenging for developers who lack cybersecurity training …
Understanding IoT security from a market-scale perspective
Consumer IoT products and services are ubiquitous; yet, a proper characterization of
consumer IoT security is infeasible without an understanding of what IoT products are on the …
An empirical evaluation of GDPR compliance violations in Android mHealth apps
The purpose of the General Data Protection Regulation (GDPR) is to provide improved
privacy protection. If an app controls personal data from users, it needs to be compliant with …
Evaluation of static vulnerability detection tools with Java cryptographic API benchmarks
Several studies showed that misuses of cryptographic APIs are common in real-world code
(e.g., Apache projects and Android apps). There exist several open-sourced and commercial …
Crylogger: Detecting crypto misuses dynamically
Cryptographic (crypto) algorithms are the essential ingredients of all secure systems: crypto
hash functions and encryption algorithms, for example, can guarantee properties such as …
Why Eve and Mallory still love Android: Revisiting TLS (in)security in Android applications
Android applications have a long history of being vulnerable to man-in-the-middle attacks
due to insecure custom TLS certificate validation implementations. To resolve this, Google …
"False negative--that one is going to kill you": Understanding industry perspectives of static analysis based security testing
The demand for automated security analysis techniques, such as static analysis based
security testing (SAST) tools continues to increase. To develop SASTs that are effectively …
Security notifications in static analysis tools: Developers' attitudes, comprehension, and ability to act on them
Static analysis tools (SATs) have the potential to assist developers in finding and fixing
vulnerabilities in the early stages of software development, requiring them to be able to …
How well does LLM generate security tests?
Developers often build software on top of third-party libraries (Libs) to improve programmer
productivity and software quality. The libraries may contain vulnerabilities exploitable by …
Why crypto-detectors fail: A systematic evaluation of cryptographic misuse detection techniques
The correct use of cryptography is central to ensuring data security in modern software
systems. Hence, several academic and commercial static analysis tools have been …