Cryptography Vulnerabilities on HackerOne
Mohammadreza Hazhirpasand, Mohammad Ghafari
TL;DR
This paper analyzes cryptography-related vulnerabilities reported on HackerOne to identify common issues, their implications, and mitigation strategies, aiming to improve developer awareness and security practices.
Contribution
It provides a systematic categorization of cryptography vulnerabilities from real-world reports and discusses their practical impacts and mitigation approaches.
Findings
Eight vulnerability themes identified from reports
Cryptography misuses have serious security implications
Guidelines for avoiding common cryptography mistakes
Abstract
Previous studies have shown that cryptography is hard for developers to use and misusing cryptography leads to severe security vulnerabilities. We studied relevant vulnerability reports on the HackerOne bug bounty platform to understand what types of cryptography vulnerabilities exist in the wild. We extracted eight themes of vulnerabilities from the vulnerability reports and discussed their real-world implications and mitigation strategies. We hope that our findings alert developers, familiarize them with the dire consequences of cryptography misuses, and support them in avoiding such mistakes.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Malware Detection Techniques · Information and Cyber Security · Security and Verification in Computing