"False negative-that one is going to kill you": Understanding Industry Perspectives of Static Analysis based Security Testing
The demand for automated security analysis techniques, such as static analysis based
security testing (SAST) tools continues to increase. To develop SASTs that are effectively …
An investigation into misuse of java security apis by large language models
The increasing trend of using Large Language Models (LLMs) for code generation raises
the question of their capability to generate trustworthy code. While many researchers are …
Java cryptography uses in the wild
[Background] Previous research has shown that developers commonly misuse cryptography
APIs. [Aim] We have conducted an exploratory study to find out how crypto APIs are used in …
“Do this! Do that!, And nothing will happen” Do specifications lead to securely stored passwords?
Does the act of writing a specification (how the code should behave) for a piece of security
sensitive code lead to developers producing more secure code? We asked 138 developers …
Prompting Techniques for Secure Code Generation: A Systematic Investigation
Large Language Models (LLMs) are gaining momentum in software development with
prompt-driven programming enabling developers to create code from natural language (NL) …
Detecting Misuses of Security APIs: A Systematic Review
Security Application Programming Interfaces (APIs) play a vital role in ensuring software
security. However, misuse of security APIs may introduce vulnerabilities that can be …
LLM security guard for code
A Kavian, MM Pourhashem Kallehbasti… - Proceedings of the 28th …, 2024 - dl.acm.org
Many developers rely on Large Language Models (LLMs) to facilitate software development.
Nevertheless, these models have exhibited limited capabilities in the security domain. We …
Fluentcrypto: Cryptography in easy mode
S Kafader, M Ghafari - 2021 IEEE International Conference on …, 2021 - ieeexplore.ieee.org
Research has shown that cryptography concepts are hard to understand for developers, and
secure use of cryptography APIs is challenging for mainstream developers. We have …
Worrisome patterns in developers: A survey in cryptography
M Hazhirpasand, M Ghafari - 2021 36th IEEE/ACM …, 2021 - ieeexplore.ieee.org
We surveyed 97 developers who had used cryptography in open-source projects, in the
hope of identifying developer security and cryptography practices. We asked them about …
Time to separate from StackOverflow and match with ChatGPT for encryption
Cryptography is known as a challenging topic for developers. We studied StackOverflow
posts to identify the problems that developers encounter when using Java Cryptography …