Detecting Misuses of Security APIs: A Systematic Review
Security Application Programming Interfaces (APIs) play a vital role in ensuring software security. However, misuse of security APIs may introduce vulnerabilities that can be exploited by hackers. API design complexities, inadequate documentation and insufficient security training are some of the reasons for misusing security APIs. In order to help developers and organizations, software security community have devised and evaluated several approaches to detecting misuses of security APIs. We rigorously analyzed and synthesized the literature on security APIs misuses for building a body of knowledge on the topic. Our review has identified and discussed the security APIs studied from misuse perspective, the types of reported misuses and the approaches developed to detect misuses and how the proposed approaches have been evaluated. Our review has also highlighted the open research issues for advancing the state-of-the-art of detecting misuse of security APIs.
READ FULL TEXT