Supporting the Effective Use of Security APIs by Developers
Security Application Programming Interface (APIs) are an integral part of secure software development, facilitating the incorporation of security services into software products. Given the complexity of security API designs, poor API documentations and lack of cybersecurity training, developers often struggle to use security APIs properly, which may lead to costly vulnerabilities and data breaches, invalidating the purpose of using them. While enhancing API designs into an easy-to-use and secure-by-default interface is a potential long-term solution, it remains crucial to support developers in the secure adoption of existing security APIs. Tool support for detecting and fixing misuses as well as automated code generation can be a viable solution to reduce the burden on developers and mitigate the risk of security API misuses. This research seeks to develop a framework for supporting developers in detecting and fixing misuses and generating code that adheres to the best practices and security guidelines.
- Zahra Mousavi