Many modern cities strive to integrate information technology into every aspect of city life to
create so-called smart cities. Smart cities rely on a large number of application areas and …

The Java platform provides various cryptographic APIs to facilitate secure coding. However,
correctly using these APIs is challenging for developers who lack cybersecurity training …

The Java platform and its third-party libraries provide useful features to facilitate secure
coding. However, misusing them can cost developers time and effort, as well as introduce …

Fuzzing is a testing technique to discover unknown vulnerabilities in software. When
applying fuzzing to libraries, the core idea of supplying random input remains unchanged …

Cryptographic API misuses, such as exposed secrets, predictable random numbers, and
vulnerable certificate verification, seriously threaten software security. The vision of …

In this paper, we focus on authentication and authorization flaws in web apps that enable
partial or full access to user accounts. Specifically, we develop a novel fully automated black …

Previous research suggests that developers often struggle using low-level cryptographic
APIs and, as a result, produce insecure code. When asked, developers desire, among other …

Abstract The Open Radio Access Network (O-RAN) is a promising radio access network
(RAN) architecture aimed at reshaping the RAN industry toward an open, adaptive, and …

SSL/TLS is the most commonly deployed family of protocols for securing network
communications. The security guarantees of SSL/TLS are critically dependent on the correct …

Android applications have a long history of being vulnerable to man-in-the-middle attacks
due to insecure custom TLS certificate validation implementations. To resolve this, Google …