TY  - JOUR
AU  - Elisa, Noe
AB  - Secure refactoring involves a set of safe transformations aimed at enhancing the overall security of the codebase. During refactoring, code transformations are performed on software systems to maintain code quality and address existing vulnerabilities. However, if done carelessly, refactoring can introduce new security vulnerabilities. To the best of our knowledge, no study has investigated existing secure refactoring methods and their effectiveness in ensuring software system security. Therefore, this study aims to survey and synthesize relevant research on secure refactoring approaches to provide an understanding of the techniques and methods used to enhance security during the refactoring process. In this study, 55 papers on secure refactoring, selected from well-known digital libraries, were analysed and reviewed, covering the period from 2011 to 2023, to offer the most scalable and comprehensive literature review of existing secure refactoring studies. The findings indicate that specific refactoring techniques are effective in addressing common vulnerabilities such as SQL Injection, Buffer Overflow, and Cross-Site Scripting (XSS). These techniques include Extract Method, Replace Temp with Query, Introduce Parameter Object, and Encapsulate Field. Conversely, some refactoring operations, such as Pull Up Method and Extract Subclass, can inadvertently introduce vulnerabilities like bugs or inadequate access control. Based on this survey, we propose a taxonomy of secure refactoring that serves as a framework for classifying existing research, identifying research trends, and highlighting gaps in the literature and avenues for further investigation.
TI  - A Survey on Secure Refactoring
JF  - SN Computer Science
DO  - 10.1007/s42979-024-03325-y
DA  - 2024-10-12
UR  - https://www.deepdyve.com/lp/springer-journals/a-survey-on-secure-refactoring-Cb6RhDPVqw
VL  - 5
IS  - 7
DP  - DeepDyve
ER  - 