Jing Xie

Security Analyst at Lookout

Location: San Francisco Bay Area
Industry: Computer Software


Jing Xie's Overview


207 connections


Jing Xie's Experience

Malware Analyst

Lookout

Privately Held; 201-500 employees; Computer & Network Security industry

January 2013 - Present (1 year 9 months), San Francisco Bay Area

Member of the Research and Response team @ Lookout:

Research emergent Android and iOS malware;
Reverse applications on Android and iOS;
Develop malware detection and prevention intelligence for Lookout products.

Jing Xie's Publications

  • Evaluating Interactive Support for Secure Programming

    • ACM
    Authors: Jing Xie, Heather Richter Lipford, Bill Chu

    Implementing secure code is an important and oft-overlooked non-functional requirement. Secure programming errors are a subset of program errors that result in many common privacy and security breaches in commercial software. We are seeking to provide interactive support for secure programming in the development environment. In this paper, we have evaluated our prototype tool, ASIDE, which provides real-time warnings and code generation to reduce secure programming errors introduced by programmers. We evaluate the potential use and effectiveness of ASIDE on both novice and professional developers in two comparison user studies. Our results demonstrate that the interactive support can help address this important non-functional requirement, and suggest guidelines for such tools to support programmers.

  • ASIDE: IDE Support for Web Application Security

    • ACM
    Authors: Jing Xie, Bill Chu, Heather Richter Lipford, John Melton

    Many of today’s application security vulnerabilities are introduced by software developers writing insecure code. This may be due to either a lack of understanding of secure programming practices, and/or developers’ lapses of attention on security. Much work on software security has focused on detecting software vulnerabilities through automated analysis techniques. While they are effective, we believe they are not sufficient. We propose to increase developer awareness and promote practice of secure programming by interactively reminding programmers of secure programming practices inside Integrated Development Environments (IDEs). We have implemented a proof-of-concept plugin for Eclipse and Java. Initial evaluation results show that this approach can detect and address common web application vulnerabilities and can serve as an effective aid for programmers. Our approach can also effectively complement existing software security best practices and significantly increase developer productivity.

  • Why do programmers make security errors?

    • IEEE
    Authors: Jing Xie, Heather Richter Lipford, Bill Chu

    A large number of software security vulnerabilities are caused by software errors that are committed by software developers. We believe that interactive tool support will play an important role in aiding software developers to develop more secure software. However, an in-depth understanding of how and why software developers produce security bugs is needed to design such tools. We conducted a semi-structured interview study on 15 professional software developers to understand their perceptions and behaviors related to software security. Our results reveal a disconnect between developers’ conceptual understanding of security and their attitudes regarding their personal responsibility and practices for software security.

  • Idea: Interactive Support for Secure Software Development

    • Springer
    Authors: Jing Xie, Bill Chu, Heather Richter Lipford

    Security breaches are often caused by software bugs, which may frequently be due to developer's memory lapses, lack of attention/focus, and knowledge gaps. Developers have to contend with heavy cognitive loads to deal with issues such as functional requirements, deadlines, security, and runtime performance. We propose to integrate secure programming support seamlessly into Integrated Development Environments (IDEs) in order to help developers cope with their heavy cognitive load and reduce security errors. As proof of concept, we developed a plugin for Eclipse's Java development environment. Developers will be alerted to potential secure programming concerns, such as input validation, data encoding, and access control as well as encouraging compliance with secure coding standards.

Jing Xie's Additional Information

Groups and Associations:

OWASP Charlotte Chapter; OWASP UNCC Chapter

Jing Xie's Education

University of North Carolina at Charlotte

Ph.D., Software Security

2008 - 2012

Contact Jing for:

  • career opportunities
  • job inquiries
  • expertise requests
  • business deals
  • reference requests

Jing Xie's Skills & Expertise

  1. Android Reversing
  2. iOS Reversing
  3. Java
  4. Car Driving
  5. Web Application Security
  6. Information Security
  7. Smali
  8. Mobile Security
  9. ARM Assembly
  10. Penetration Testing
  11. Ruby
  12. Security Audit
  13. JavaScript
  14. Web Development
  15. Python
  16. Software Development
  17. Software Evaluations
  18. User Experience
  19. Android Development
  20. Application Security
  21. Vulnerability Assessment
  22. Security
  23. Android
  24. Reverse Engineering
  25. Malware Analysis
