Industrial Strength Static Detection for Cryptographic API Misuses
17 October 2022
We describe our experience building an industrial-strength cryptographic vulnerability detector that aims to detect cryptographic API misuses in Java(TM). We integrated detection based on the CryptoGuard detection algorithms into Parfait, the Oracle internal code scanning platform. The goal of the Parfait-based cryptographic vulnerability detection is to provide precise and scalable cryptographic code screening for large-scale industrial projects. We discuss the needs and challenges of static cryptographic vulnerability screening in an industrial environment.
Venue : IEEE Secure Development Conference, https://secdev.ieee.org/2022/practitioners/
File Name : SecDev_Practitioner.pdf
File Name : SecDev_practitioner_paper_camera_ready.pdf