Software developers build complex systems using plenty of third-party libraries. Documentation is key to understanding and using the functionality provided via the libraries’ APIs. Therefore, functionality is the main focus of contemporary API documentation, while cross-cutting concerns such as security are almost never considered at all, especially when the API itself does not provide security features. For example, the documentation of JavaScript libraries for use in web applications does not specify how to add or adapt a Content Security Policy (CSP) to mitigate content injection attacks like Cross-Site Scripting (XSS). This is unfortunate, as security-relevant API documentation might have an influence on secure coding practices and prevailing major vul...
Today's systems abstract the implementation details of common services such as secure client-ser...
Web applications are the most important gateway to the Internet. Billions of users are relying on th...
Securing JavaScript in the browser is an open and challenging problem. Code from pervasive third-par...
Cryptographic API misuse is responsible for a large number of software vulnerabilities. In many case...
Usable security puts the users into the center of cyber security developments. Software developers a...
Software development is a complex task. Merely focussing on functional requirements is not sufficien...
JavaScript drives the evolution of the web into a powerful application platform. Increasingly, web a...
The aim of our project is to gather empirical evidence on the security impacts of language and Appli...
Content Security Policy (CSP) is a powerful client-side security layer that helps in mitigating and de...
Building secure web applications is notoriously difficult. The growing importance of JavaScript as a...
In the standard web browser programming model, third-party scripts included in an application execut...
Vulnerabilities in Android code - including but not limited to insecure data storage, unprotected in...