Fraunhofer-Gesellschaft
2020
Conference Paper
Title

Helper-in-the-Middle: Supporting Web Application Scanners Targeting Industrial Control Systems

Abstract
Web applications on industrial control systems (ICS) provide functionality such as obtaining status information or updating configurations. However, a web application possibly adds additional attack vectors to the ICS. In order to find existing vulnerabilities of web applications, automated black box web application scanners (WAS) can be used. Evaluations of existing scanners show similar limitations in their applicability. For example, ICS often crash during a scan. If the used scanner does not recognize and handle this issue, it is not able to finish the test. We present HelpMeICS which makes improvements available for different scanners without the need to adapt the specific scanner. It is implemented as a proxy-based solution which is transparent for the scanners and handles different aspects such as error-handling, authentication, and replacement of contents. Our evaluation with five different ICS shows an improvement of applicability as well as a reduction of additional limitations of WAS. As an example, our improvements increased the URL coverage from 8% to 100%. For one of the ICS, a complete scan was only made possible by HelpMeICS since the ICS crashed irrecoverably during the scans without HelpMeICS.
Author(s)
Borcherding, Anne  
Pfrang, Steffen  
Haas, Christian  
Weiche, Albrecht
Beyerer, Jürgen  
Mainwork
17th International Conference on Security and Cryptography, SECRYPT 2020. Proceedings. Vol.3  
Conference
International Conference on Security and Cryptography (SECRYPT) 2020  
International Joint Conference on e-Business and Telecommunications (ICETE) 2020  
Open Access
Rights
CC BY-NC-ND 4.0: Creative Commons Attribution-NonCommercial-NoDerivatives
DOI
10.24406/publica-r-408476
10.5220/0009517800270038
Language
English
Fraunhofer-Institut für Optronik, Systemtechnik und Bildauswertung IOSB  
Keyword(s)
  • Industrial Control Systems
  • Black Box Security Testing
  • Web Application Scanners
  • Proxy
  • usability
