Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security 2017
DOI: 10.1145/3133956.3133977
|View full text |Cite
|
Sign up to set email alerts
|

A Stitch in Time

Abstract: Despite security advice in the official documentation and an extensive body of security research about vulnerabilities and exploits, many developers still fail to write secure Android applications. Frequently, Android developers fail to adhere to security best practices, leaving applications vulnerable to a multitude of attacks. We point out the advantage of a low-time-cost tool both to teach better secure coding and to improve app security. Using the FixDroid ™ IDE plug-in, we show that professional and hobby… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
16
0

Year Published

2018
2018
2023
2023

Publication Types

Select...
4
3
2

Relationship

2
7

Authors

Journals

citations
Cited by 59 publications
(16 citation statements)
references
References 27 publications
0
16
0
Order By: Relevance
“…Security and privacy can be challenging for developers to get right, even with the support of tools [12,22,49]. Developer errors are a common source of vulnerabilities [24] with many causes ranging from APIs with poor developer support [1,47] to static analysis tools that produce too many false positives [38].…”
Section: Introductionmentioning
confidence: 99%
“…Security and privacy can be challenging for developers to get right, even with the support of tools [12,22,49]. Developer errors are a common source of vulnerabilities [24] with many causes ranging from APIs with poor developer support [1,47] to static analysis tools that produce too many false positives [38].…”
Section: Introductionmentioning
confidence: 99%
“…This means that developers were only aware of such security mistakes at the end of or after their development cycle. Other tools [29,39] provided developers support while they were writing code. Krüger et al [29] developed Cognicryptto support developers in securely using crypto APIs.…”
Section: Related Workmentioning
confidence: 99%
“…Nguyen et al [55] proposed the plugin FixDroid, which offered warnings and quick fix dialogues for security issues in the Android Studio IDE, and found that developers approved FixDroid, which helped produce more secure code.…”
Section: Related Workmentioning
confidence: 99%
“…Many tools can be used by developers to spot potential security issues, such as compilers or static and dynamic code analyzers (e.g., [12,47,55]) and there is already work underway looking at these different types of systems. For instance, recent work by Gorski et al has shown that warnings shown by the compiler can improve code security [42]; however, Barik et al showed that reading compiler warnings takes a significant amount of effort and that improvements are needed [11,12].…”
Section: Introductionmentioning
confidence: 99%