Common Programming Mistakes Leading to Information Disclosure: A Preliminary Study

Gowri Pandian Sundarapandi, Raiyan Hossain, Chandana Jasrai, Kazi Zakia Sultana, Zadia Codabux

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

It is vital to engineer robust and secure software, and many security strategies and techniques have been proposed toward that goal. However, technological growth keeps raising new security concerns and demands persistent software security analysis. The objective of our study is to analyze vulnerable code components of real-world software repositories and mine developers' frequent programming mistakes that result in information disclosure. Finding common programming mistakes during the implementation phase is a primary step towards building secure software. We investigate published vulnerabilities in two open-source applications, Apache Tomcat and Android. We focus on information disclosure vulnerabilities reported in security advisories and analyze the affected code to extract, or mine, the causes of each vulnerability. We found that improper or missing bounds checking is the most frequent programming mistake that can potentially cause information leakage. Our findings can raise developers' awareness of the common programming mistakes that lead to disclosure of sensitive information, so that these mistakes can be avoided or, where they are already present in the code, handled during the implementation phase. Moreover, our results can be incorporated into tools such as static analyzers to help detect information disclosure instances more accurately prior to software delivery.

Original language: English
Title of host publication: Proceedings - 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2022
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 743-747
Number of pages: 5
ISBN (Electronic): 9781665437868
DOIs
State: Published - 2022
Event: 29th IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2022 - Virtual, Online, United States
Duration: 15 Mar 2022 to 18 Mar 2022

Publication series

Name: Proceedings - 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2022

Conference

Conference: 29th IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2022
Country/Territory: United States
City: Virtual, Online
Period: 15/03/22 to 18/03/22

Keywords

  • Information Disclosure
  • Programming Mistakes
  • Software Vulnerability
