Automatic detection of Java cryptographic API misuses: Are we there yet?

Y Zhang, MMA Kabir, Y Xiao, D Yao… - IEEE Transactions on …, 2022 - ieeexplore.ieee.org
The Java platform provides various cryptographic APIs to facilitate secure coding. However,
correctly using these APIs is challenging for developers who lack cybersecurity training …

CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs

S Krüger, J Späth, K Ali, E Bodden… - IEEE Transactions on …, 2019 - ieeexplore.ieee.org
Various studies have empirically shown that the majority of Java and Android applications
misuse cryptographic libraries, causing devastating breaches of data security. It is crucial to …

“They're not that hard to mitigate”: What cryptographic library developers think about timing attacks

J Jancar, M Fourné, DDA Braga, M Sabt… - … IEEE Symposium on …, 2022 - ieeexplore.ieee.org
Timing attacks are among the most devastating side-channel attacks, allowing remote
attackers to retrieve secret material, including cryptographic keys, with relative ease. In …

Understanding IoT security from a market-scale perspective

X Jin, S Manandhar, K Kafle, Z Lin… - Proceedings of the 2022 …, 2022 - dl.acm.org
Consumer IoT products and services are ubiquitous; yet, a proper characterization of
consumer IoT security is infeasible without an understanding of what IoT products are on the …

CryptoGuard: High precision detection of cryptographic vulnerabilities in massive-sized Java projects

S Rahaman, Y Xiao, S Afrose, F Shaon, K Tian… - Proceedings of the …, 2019 - dl.acm.org
Cryptographic API misuses, such as exposed secrets, predictable random numbers, and
vulnerable certificate verification, seriously threaten software security. The vision of …

"False negative - that one is going to kill you": Understanding Industry Perspectives of Static Analysis based Security Testing

AS Ami, K Moran, D Poshyvanyk… - 2024 IEEE Symposium …, 2024 - ieeexplore.ieee.org
The demand for automated security analysis techniques, such as static analysis based
security testing (SAST) tools continues to increase. To develop SASTs that are effectively …

Developers deserve security warnings, too: On the effect of integrated security advice on cryptographic API misuse

PL Gorski, LL Iacono, D Wermke, C Stransky… - … Symposium on Usable …, 2018 - usenix.org
Cryptographic API misuse is responsible for a large number of software vulnerabilities. In
many cases developers are overburdened by the complex set of programming choices and …

The cyber security body of knowledge

D Basin - University of Bristol, ch. Formal Methods for, 2021 - cybok.org
The CyBOK project would like to understand how the CyBOK is being used and its uptake.
The project would like organisations using, or intending to use, CyBOK for the purposes of …

How does usable security (not) end up in software products? Results from a qualitative interview study

M Gutfleisch, JH Klemmer, N Busch… - … IEEE Symposium on …, 2022 - ieeexplore.ieee.org
For software to be secure in practice, users need to be willing and able to appropriately use
security features. These features are usually implemented by software professionals during …

On the privacy of mental health apps: An empirical investigation and its implications for app development

LH Iwaya, MA Babar, A Rashid… - Empirical Software …, 2023 - Springer
An increasing number of mental health services are now offered through mobile health
(mHealth) systems, such as in mobile applications (apps). Although there is an …