Industrial Strength Static Detection for Cryptographic API Misuses

Cristina Cifuentes, Nicholas Allen

17 October 2022

We describe our experience of building an industrial-strength cryptographic vulnerability detector that aims to detect cryptographic API misuses in Java(TM). Building on the detection algorithms of CryptoGuard, we integrated the detection into Parfait, Oracle's internal code scanning platform. The goal of the Parfait-based cryptographic vulnerability detection is to provide precise and scalable cryptographic code screening for large-scale industrial projects. We discuss the needs and challenges of static cryptographic vulnerability screening in an industrial environment.


Venue: IEEE Secure Development Conference, https://secdev.ieee.org/2022/practitioners/

File Name: SecDev_Practitioner.pdf

  • File Name: SecDev_practitioner_paper_camera_ready.pdf