An empirical study to improve software security through the application of code refactoring

Haris Mumtaz, Mohammad Alshayeb*, Sajjad Mahmood, Mahmood Niazi

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

35 Scopus citations


Context: Code bad smells indicate design flaws that can degrade the quality of software and can potentially lead to the introduction of faults. They can be eradicated by applying refactoring techniques. Code bad smells that impact the security perspective of software should be detected and removed from their code base. However, the existing literature is insufficient to support this claim and there are few studies that empirically investigate bad smells and refactoring opportunities from a security perspective. Objective: In this paper, we investigate how refactoring can improve the security of an application by removing code bad smell. Method: We analyzed three different code bad smells in five software systems. First, the identified code bad smells are filtered against security attributes. Next, the object-oriented design and security metrics are calculated for the five investigated systems. Later, refactoring is applied to remove security-related code bad smells. The correctness of detection and refactoring of investigated code smells are then validated. Finally, both traditional object-oriented and security metrics are again calculated after removing bad smells to assess its impact on the design and security attributes of systems. Results: We found ‘feature envy’ to be the most abundant security bad smell in investigated projects. The ‘move method’ and ‘move field’ are commonly applied refactoring techniques because of the abundance of feature envy. Conclusion: The results of security metrics indicate that refactoring helps improve the security of an application without compromising the overall quality of software systems.

Original languageEnglish
Pages (from-to)112-125
Number of pages14
JournalInformation and Software Technology
StatePublished - Apr 2018

Bibliographical note

Funding Information:
The authors would like to acknowledge the support provided by the Deanship of Scientific Research at King Fahd University of Petroleum and Minerals, Saudi Arabia.

Publisher Copyright:
© 2017 Elsevier B.V.


  • Code bad smells
  • Empirical study
  • Refactoring
  • Secured software

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Computer Science Applications


Dive into the research topics of 'An empirical study to improve software security through the application of code refactoring'. Together they form a unique fingerprint.

Cite this