Vetting Single {Sign-On}{SDK} Implementations via Symbolic Reasoning
… require expert-level domain knowledge and cannot be applied for general asynchronous
apps. Researchers have also used symbolic execution to verify web applications (eg, [12…
apps. Researchers have also used symbolic execution to verify web applications (eg, [12…
Towards best secure coding practice for implementing SSL/TLS
M Alhanahnah, Q Yan - IEEE INFOCOM 2018-IEEE Conference …, 2018 - ieeexplore.ieee.org
… Zhang, “Vetting ssl usage in applications with sslint,” in 2015 IEEE Symposium on
Security and Privacy, May 2015, pp. 519–534. [6] “PMD Tool,” https://pmd.github.io/pmd-5.8.1/index.…
Security and Privacy, May 2015, pp. 519–534. [6] “PMD Tool,” https://pmd.github.io/pmd-5.8.1/index.…
Dcdroid: Automated detection of ssl/tls certificate verification vulnerabilities in android apps
… an app to get Smali code and search the code to locate the SSL/… We use the results of
static analysis on the app to guide the … An automatically vetting mechanism for SSL error-handling …
static analysis on the app to guide the … An automatically vetting mechanism for SSL error-handling …
Identifying vulnerabilities of SSL/TLS certificate verification in Android apps with static and dynamic analysis
… In order to solve these problems, in our previous work (Wang et al., 2019c), we propose
an automatic method to detect apps with SSL/TLS certificate verification vulnerabilities. It …
an automatic method to detect apps with SSL/TLS certificate verification vulnerabilities. It …
Detecting proper SSL/TLS implementation with usage patterns
J Adeenze-Kangah, Y Chen - Journal of Physics: Conference …, 2019 - iopscience.iop.org
… application and obtaining the call graph, we supplied our tool with the Hypothesis to test the
implementation of SSL within this application. … in this paper, SSLINT considers the data flows …
implementation of SSL within this application. … in this paper, SSLINT considers the data flows …
[PDF][PDF] SSLDoc: Automatically Diagnosing Incorrect SSL API Usages in C Programs.
… modeling the correct logic usage of SSL APIs. Although SSLINT is capable of detecting …
bugs in OpenSSL implementation and 15 applications in Ubuntu which use SSL APIs, out of …
bugs in OpenSSL implementation and 15 applications in Ubuntu which use SSL APIs, out of …
HVLearn: Automated black-box analysis of hostname verification in SSL/TLS implementations
S Sivakorn, G Argyros, K Pei… - … IEEE Symposium on …, 2017 - ieeexplore.ieee.org
… use HVLearn to analyze the hostname verification implementations in a number of popular
SSL/TLS libraries and applications … SSL/TLS family of protocols are the most commonly used …
SSL/TLS libraries and applications … SSL/TLS family of protocols are the most commonly used …
Oauthlint: An empirical study on oauth bugs in android applications
… on the usage of OAuth APIs in Android applications and … apps which have more than 10
millions of downloads. The evaluation shows that 101 (32%) out of 316 applications that use …
millions of downloads. The evaluation shows that 101 (32%) out of 316 applications that use …
[图书][B] Security and Privacy of Single Sign-On Protocols: Vulnerability Analysis and Automated Testing
R Yang - 2017 - search.proquest.com
… IdP apps (Facebook, Google and Sina) and their corresponding SDKs widely used by the …
cation, which can be either manually speci ed (eg, SSLint [65]), extracted from code [19] or …
cation, which can be either manually speci ed (eg, SSLint [65]), extracted from code [19] or …
[PDF][PDF] SAMBA: Detecting SSL/TLS API Misuses in IoT Binary Applications
… of SSLINT has similar performance in terms of detecting SSL/TLS API misuses compared with
[1] and can be used … We use the constructed ground truth dataset to evaluate SAMBA and …
[1] and can be used … We use the constructed ground truth dataset to evaluate SAMBA and …