Secure coding practices in Java

Meng, Na; Nagy, Stefan; Yao, Danfeng; Zhuang, Wenjie; Arango-Argoty, Gustavo

doi:10.1145/3180155.3180201

Cited by 106 publications

(14 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our data collection steps are in line with the best practices of previous work. Previous work uses Stack Overflow tags, coding questions, and manual analysis often to identify big data , concurrency , security [Meng et al 2018;Yang et al 2016], and deep learning [Islam et al , 2020 bugs and questions and answers. We write our code to process Stack Exchange Data Dump [Stack Exchange 2019] and its XML files to identify Akka actor and coding questions.…”

Section: Data Collectionmentioning

confidence: 99%

“…This is because these may not identify a complete set of Akka questions and answers and commits or identify irrelevant ones. To minimize this threat, we closely follow the best practices of previous work in using tags Islam et al , 2020Meng et al 2018;Yang et al 2016], keywords [Casalnuovo et al 2015;Islam et al , 2020Kim and Whitehead 2006;Ray et al 2016], and maturity criteria [Biswas et al 2019;Gu et al 2016;Nadi et al 2016]. Additionally, we manually analyze each candidate question and answer and commit and discard irrelevant ones.…”

Section: Threats To Validitymentioning

confidence: 99%

See 1 more Smart Citation

Actor concurrency bugs: a comprehensive study on symptoms, root causes, API usages, and differences

Bagherzadeh

Fireman

Shawesh

et al. 2020

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Actor concurrency is becoming increasingly important in the development of real-world software systems. Although actor concurrency may be less susceptible to some multithreaded concurrency bugs, such as lowlevel data races and deadlocks, it comes with its own bugs that may be different. However, the fundamental characteristics of actor concurrency bugs, including their symptoms, root causes, API usages, examples, and differences when they come from different sources are still largely unknown. Actor software development can significantly benefit from a comprehensive qualitative and quantitative understanding of these characteristics, which is the focus of this work, to foster better API documentation, development practices, testing, debugging, repairing, and verification frameworks. To conduct this study, we take the following major steps. First, we construct a set of 186 real-world Akka actor bugs from Stack Overflow and GitHub via manual analysis of 3,924 Stack Overflow questions, answers, and comments and 3,315 GitHub commits, messages, original and modified code snippets, issues, and pull requests. Second, we manually study these actor bugs and their fixes to understand and classify their symptoms, root causes, and API usages. Third, we study the differences between the commonalities and distributions of symptoms, root causes, and API usages of our Stack Overflow and GitHub actor bugs. Fourth, we discuss real-world examples of our actor bugs with these symptoms and root causes. Finally, we investigate the relation of our findings with those of previous work and discuss their implications. A few findings of our study are: ❶ symptoms of our actor bugs can be classified into five categories, with Error as the most common symptom and Incorrect Exceptions as the least common, ❷ root causes of our actor bugs can be classified into ten categories, with Logic as the most common root cause and Untyped Communication as the least common, ❸ a small number of Akka API packages are responsible for most of API usages by our actor bugs, and ❹ our Stack Overflow and GitHub actor bugs can differ significantly in commonalities and distributions of their symptoms, root causes, and API usages. While some of our findings agree with those of previous work, others sharply contrast. CCS Concepts: • Theory of computation → Concurrency; • General and reference → Empirical studies.

show abstract

Section: Data Collectionmentioning

confidence: 99%

Section: Threats To Validitymentioning

confidence: 99%

Actor concurrency bugs: a comprehensive study on symptoms, root causes, API usages, and differences

Bagherzadeh

Fireman

Shawesh

et al. 2020

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…Meng et al 19 conducted an empirical study on Stack Overflow postings to learn about developers' fears about Java secure code, programming challenges, and insecure coding methods. According to the authors, Spring Security's authentication and authorization capabilities have been widely adopted.…”

Section: Motivation and Related Reviewmentioning

confidence: 99%

“…SSC standards establish protections that minimize or eliminate the possibility of code having security flaws. However, despite using SSC standards and practices, many cyber‐attacks are reported daily 18‐20 …”

Section: Introductionmentioning

confidence: 99%

Toward a readiness model for secure software coding

et al. 2022

View full text Add to dashboard Cite

The heart of the application's secure operation is its software code. If the code contains flaws, the entire program might be hacked. The issue with software vulnerabilities is that they reveal coding flaws that hackers could exploit. The prevention of cybersecurity issues begins with the program code itself. When writing software code, a software developer must consider expressing the application's architecture and design requirements, keeping the code streamlined and efficient, and ensuring the code is safe. Secure code helps save the system from various cyber-attacks by eliminating the weaknesses that many hacks rely on. To assist the software organization in Secure Software Coding (SSC), this article proposes a readiness model for SSC, namely SSCRM. The proposed model has five levels; SSC challenges and best practices (BP) are mapped at each level. The proposed model will help the organizations better understand SSC challenges and BPs and provide a roadmap for developing secure software code. The proposed model was evaluated using three case studies. The findings demonstrate that the proposed approach helps determine an organization's SSC level.

show abstract

“…2) Java Programming Language: This programming language is one of the most recognized, provides the development and execution of various types of applications, highlighted by its structure and composition for programming, especially for mobile applications containing high adaptability, aimed at different mobile devices [18]. The main advantages are that it is a simple to understand language, object-oriented language, distributed applications, and, finally, the security it provides [19] [20].…”

Section: Hu-10mentioning

confidence: 99%

Inclusive Education: Implementation of a Mobile Application for Blind Students

Gabriel-Gonzales¹,

Andrade–Arenas²

2021

IJACSA

View full text Add to dashboard Cite

Currently, the world is going through an era of changes in the education sector, but most Latin American countries are lagging, especially Peru, which does not have the technological tools that allow it to advance to an adequate level of inclusion of disabled students, especially blind students who are 60% of students who drop out of school for lack of education that have be suitable for their need. Consequently, the present research work is originated which aims to develop a mobile application oriented to the benefit of inclusive education of blind students. Therefore, the agile scrum methodology was used for the development of this project, executed in 5 phases, the requirements identified for the development of the mobile application were obtained through a questionnaire to 25 parents of visually impaired students, allowing the development of a mobile application that meets quality of inclusive education that can be applied in the education sector. Finally, as a result of the research work, another satisfaction survey was conducted with 50 parents where the application was evaluated, obtaining 90% of acceptance and satisfaction.

show abstract

Secure coding practices in Java

Cited by 106 publications

References 23 publications

Actor concurrency bugs: a comprehensive study on symptoms, root causes, API usages, and differences

Actor concurrency bugs: a comprehensive study on symptoms, root causes, API usages, and differences

Toward a readiness model for secure software coding

Inclusive Education: Implementation of a Mobile Application for Blind Students

Contact Info

Product

Resources

About