
Fuzzing of mobile application in the banking domain. A case study

Authors: Schneider, Martin A.; Wendland, Marc-Florian; Akın, Abdurrahman; Sentürk, Serafettin

Postprint urn:nbn:de:0011-n-6030694 (947 KByte PDF)
MD5 Fingerprint: 9162d4ae75842482f47b6038d7038de9
Created on: 30.9.2020

Institute of Electrical and Electronics Engineers -IEEE-; IEEE Reliability Society:
Companion of the IEEE 20th International Conference on Software Quality, Reliability and Security, QRS-C 2020. Proceedings : 11-14 December 2020, Macau, China
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2020
ISBN: 978-1-7281-8915-4
ISBN: 978-1-7281-8916-1
International Conference on Software Quality, Reliability, and Security Companion (QRS-C) <20, 2020, Macau>
Workshop on System Testing and Validation (STV) <13, 2020, Macau>
Bundesministerium für Bildung und Forschung BMBF (Deutschland)
Conference Paper, Electronic Publication
Fraunhofer FOKUS
web services; security testing; automation; fuzz testing

Mobile applications are ubiquitous today, and everybody uses them on a daily basis. This also applies to security-critical mobile applications such as online banking apps. In today’s architectures, these mobile applications are usually fed from the same source as other mobile applications on smartphones, i.e. web services. This makes security testing of web services inevitable. Furthermore, regulation is increasing and requires stronger security mechanisms, such as the strong customer authentication mandated by the Revised European Payment Services Directive (PSD2). Automated security testing is a way to cope with the increasing requirements on assuring the security of such web services and their implemented security controls whilst dealing with decreasing resources for such efforts. In this paper, we present our experiences from a case study provided by Kuveyt Türk Bank and performed within the ITEA-3 project TESTOMAT, in which we introduced automated security testing in the form of fuzzing to complement manual security testing.