Identifying vulnerabilities of SSL/TLS certificate verification in Android apps with static and dynamic analysis
… In order to solve these problems, in our previous work (Wang et al., 2019c), we propose
an automatic method to detect apps with SSL/TLS certificate verification vulnerabilities. It …
an automatic method to detect apps with SSL/TLS certificate verification vulnerabilities. It …
[PDF][PDF] SAMBA: Detecting SSL/TLS API Misuses in IoT Binary Applications
… of SSLINT has similar performance in terms of detecting SSL/TLS API misuses compared with
[1] and can be used … We use the constructed ground truth dataset to evaluate SAMBA and …
[1] and can be used … We use the constructed ground truth dataset to evaluate SAMBA and …
The sorry state of TLS security in enterprise interception appliances
… [44] demonstrated that several widely used applications … SSL/TLS version acceptance and
TLS parameter mapping/mirroring, we alter the Apache web server’s configuration. We use a …
TLS parameter mapping/mirroring, we alter the Apache web server’s configuration. We use a …
The cookie hunter: Automated black-box auditing for web authentication and authorization flaws
… To facilitate further research, we will share our code with vetted researchers upon … If SSO
was used, our system also checks for information that the web app might have pulled from the …
was used, our system also checks for information that the web app might have pulled from the …
Sensing Error Handling Bugs in SSL Library Usages
C Li, M Zhou, X Han, M Gu - … on Trust, Security and Privacy in …, 2021 - ieeexplore.ieee.org
… in SSL library usages. Our tool is evaluated on 9 real-world widely used SSL applications. …
[5] proposed SSLINT to find the improper usages by matching a program dependence graph…
[5] proposed SSLINT to find the improper usages by matching a program dependence graph…
Methods and Benchmark for Detecting Cryptographic API Misuses in Python
… SSL verification. This is discouraged, and developers are recommended to use the default
SSL … Zhang, “Vetting SSL Usage in Applications with SSLINT,” in 2015 IEEE Symposium on …
SSL … Zhang, “Vetting SSL Usage in Applications with SSLINT,” in 2015 IEEE Symposium on …
Assessing certificate validation user interfaces of WPA supplicants
… Therefore, we also build an application which incorporates our test cases to test this API.
Our … Furthermore, it can benefit industry standards of secure use of SSL/TLS, eg, NIST.SP.800-…
Our … Furthermore, it can benefit industry standards of secure use of SSL/TLS, eg, NIST.SP.800-…
Cerberus: Query-driven scalable vulnerability detection in oauth service provider implementations
… We find many developers use these libraries to implement their service provider applications
… identify incorrect API usage for SSL. Egele et al. [44] studied cryptographic API misuse and …
… identify incorrect API usage for SSL. Egele et al. [44] studied cryptographic API misuse and …
[PDF][PDF] Cerberus: Query-driven Scalable Security Checking for OAuth Service Provider Implementations
… We find many developers use these libraries to implement their service provider applications
… identify incorrect API usage for SSL. Egele et al. [44] studied cryptographic API misuse and …
… identify incorrect API usage for SSL. Egele et al. [44] studied cryptographic API misuse and …
Automatic detection of Java cryptographic API misuses: Are we there yet?
… decompiled code of Android apps to detect potential vulnerabilities related to SSL. It uses …
the validity of SSL certificates for all extracted HTTPS hosts, and iii) identify apps that validate …
the validity of SSL certificates for all extracted HTTPS hosts, and iii) identify apps that validate …