2022
DOI: 10.1007/s10664-022-10165-y

Fluently specifying taint-flow queries with fluentTQL

Abstract: Previous work has shown that taint analyses are only useful if correctly customized to the context in which they are used. Existing domain-specific languages (DSLs) allow such customization through the definition of deny-listing data-flow rules that describe potentially vulnerable or malicious taint-flows. These languages, however, are designed primarily for security experts who are expected to be knowledgeable in taint analysis. Software developers, however, consider these languages to be complex. This paper …

Cited by 7 publications (1 citation statement)
References 31 publications
“…Croft et al [21] concluded that although learning-based approaches had better precision, both learning-based and SAST tools approaches should be used independently. Piskachev et al [22] did a user study of SAST tools in resolving security vulnerabilities and provided a list of recommendations for software security professionals and practitioners. Scandariato et al [23] studied users' experiences of nine participants using a SAST tool and an automated tool for penetration testing on two blogging applications.…”
Section: Comparing Static Application Security Testing (Sast) and Dyn... mentioning
confidence: 99%