The reviewed record of science sign in
Pith

arxiv: 2306.08869 · v4 · pith:HHLNSTUJ · submitted 2023-06-15 · cs.CR · cs.SE

Detecting Misuse of Security APIs: A Systematic Review

Reviewed by Pithpith:HHLNSTUJopen to challenge →

classification cs.CR cs.SE
keywords securitymisuseapproachesdetectionreviewapisdetectingdevelopers
0
0 comments X
read the original abstract

Security Application Programming Interfaces (APIs) are crucial for ensuring software security. However, their misuse introduces vulnerabilities, potentially leading to severe data breaches and substantial financial loss. Complex API design, inadequate documentation, and insufficient security training often lead to unintentional misuse by developers. The software security community has devised and evaluated several approaches to detecting security API misuse to help developers and organizations. This study rigorously reviews the literature on detecting misuse of security APIs to gain a comprehensive understanding of this critical domain. Our goal is to identify and analyze security API misuses, the detection approaches developed, and the evaluation methodologies employed along with the open research avenues to advance the state-of-the-art in this area. Employing the systematic literature review (SLR) methodology, we analyzed 69 research papers. Our review has yielded (a) identification of 6 security API types; (b) classification of 30 distinct misuses; (c) categorization of detection techniques into heuristic-based and ML-based approaches; and (d) identification of 10 performance measures and 9 evaluation benchmarks. The review reveals a lack of coverage of detection approaches in several areas. We recommend that future efforts focus on aligning security API development with developers' needs and advancing standardized evaluation methods for detection technologies.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Future-Proofing Cloud Security Against Quantum Attacks: Risk, Transition, and Mitigation Strategies

    cs.CR 2025-09 unverdicted novelty 4.0

    This survey analyzes quantum vulnerabilities in cloud computing and provides a structured framework for transitioning to post-quantum cryptography with risk assessments and deployment roadmaps.