Frequently advised secure development recommendations often fall short in practice for app developers. Tool-driven (e.g., using static analysis tools) approaches lack context and domain-specific requirements of an app being tested. App developers struggle to find an actionable and prioritized list of vulnerabilities from a laundry list of security warnings reported by static analysis tools. Process-driven (e.g., applying threat modeling methods) approaches require substantial resources (e.g., security testing team, budget) and security expertise, which small to medium-scale app dev teams could barely afford. To help app developers secure their apps, we propose SO{U}RCERER, a guiding framework for Android app developers for security testing. SO{U}RCERER guides developers to identify domain-specific assets of an app, detect and prioritize vulnerabilities, and mitigate those vulnerabilities based on secure development guidelines. We evaluated SO{U}RCERER with a case study on analyzing and testing 36 Android mobile money apps. We found that by following activities guided by SO{U}RCERER, an app developer could get a concise and actionable list of vulnerabilities (24-61% fewer security warnings produced by SO{U}RCERER than a standalone static analyzer), directly affecting a mobile money app’s critical assets, and devise a mitigation plan. Our findings from this preliminary study indicate a viable approach to Android app security testing without being overwhelmingly complex for app developers.
Mathieu has 10 years of experience in software quality and productivity. He obtained his Ph.D. from the Intelligent System Logging and Monitoring lab (Concordia, Montréal, Canada) in 2018 and he’s now a Technical Architect dedicated to Research & Development on software quality, productivity, debug and profiling. He presented at various international scientific conferences such as SANER (Software Analysis, Evolution, and Reengineering), MSR (Mining Software Repositories), WCRE (Working Conference on Reverse Engineering) or CPPCON. He also wrote several books on open-source technologies such as Angular, Solr or Magento.
I am Dr. Brittany Johnson-Matthews, an Assistant Professor in the Department of Computer Science at George Mason University. You may also know me by my pen name, Brittany Johnson. I direct the INSPIRED (INterdisciplinary Software Practice Improvement REsearch and Development) Lab. I received my Ph.D. in Computer Science from North Carolina State University (2017), after getting my B.A. in Computer Science from the College of Charleston (2011). I explore sociotechnical problems pertaining to developer productivity and software development/use, such as tool support, work environments, ethics, and software for social good. My research is interdisciplinary, cross-cutting with research in software engineering, human-computer interaction, and machine learning.
With this event, I would like to give PhD students the opportunity to get in touch with each other and to share their experiences so far during their PhD studies. The idea of this event is to provide a forum for PhD students to get to know each other and share problems, difficulties, but also experiences of success during their PhD time.
This event is open to all PhD students at the conference, and everyone can contribute as much as they want.
I myself just finished my PhD in March this year, and I still don’t feel like a finished PhD.
In order to ensure basic communication at this event, I would like to offer you the opportunity to ask me any question you may have regarding the PhD time. I will try to answer your questions openly and honestly based on my personal experiences and hope that an active exchange will develop among all participants.
The basic rule of this event is that there are no stupid questions, and everyone can openly ask and say anything.
I am looking forward to meeting you!
I am a post-doctoral researcher and data scientist working at the Data Science and Digital Libraries Research Group at TIB – Leibniz Information Centre for Science and Technology. I hold a Bachelor of Science and a Master of Science degree, as well as a PhD in Computer Science from Leibniz Universität Hannover. As part of this work, my research addresses the development of the Open Research Knowledge Graph (ORKG) for application to engineering science. The focus is on the formalization, discoverability, and accessibility of methodological knowledge and information on semantically rich and machine-interpretable concepts for engineering problems.
I am a member of the Gesellschaft für Informatik e.V. (GI), deputy spokesperson of the Fachgruppe Requirements Engineering (RE), and a regular reviewer and member of various program and organizing committees of conferences and journals.
Before joining TIB – Leibniz Information Centre for Science and Technology, I was a research assistant and PhD student at the Software Engineering Group at Leibniz Universität Hannover. I worked as project leader of the DFG research project ViViReq and researched the integration of videos as a complementary communication medium in requirements engineering. My research focused on supporting requirements communication between stakeholders and the development team to foster the development of a shared understanding of the project vision of the system under development among all project partners involved. I have published my research in over 40 national and international publications covering diverse topics such as requirements engineering, social software engineering, machine learning, and natural language processing.
Social/Networking
Wed 17 Nov 2021 12:00 - 13:00 at Wallaby - How to Get a Job in Academia or Industry Chair(s): Muneera Bano, School of Information Technology, Deakin University
Social/Networking
Thu 18 Nov 2021 12:00 - 13:00 at Wallaby - What Makes a Good ASE Paper? Chair(s): Mattia Fazzini, University of Minnesota