Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Towards continuous security certification of Software-as-a-Service applications using web application testing techniques

 
: Stephanow, P.; Khajehmoogahi, K.

:

Barolli, L. ; Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society, Technical Committee on Distributed Processing:
AINA 2017, 31st IEEE International Conference on Advanced Information Networking and Applications. Proceedings : 27-29 March 2017, Tamkang University, Taipei, Taiwan
Piscataway, NJ: IEEE, 2017
ISBN: 978-1-5090-6029-0
ISBN: 978-1-5090-6030-6
ISBN: 978-1-5090-6028-3
S.931-938
International Conference on Advanced Information Networking and Applications (AINA) <31, 2017, Taipei>
Bundesministerium für Bildung und Forschung BMBF
16KIS0075K; NGCert
European Commission EC
H2020; 731845; EU-SEC
The European Security Certification Framework
Englisch
Konferenzbeitrag
Fraunhofer AISEC ()

Abstract
Continuous security certification of software-asa- service (SaaS) aims at continuously, i.e. repeatedly and automatically validating whether a SaaS application adheres to a set of security requirements. Since SaaS applications make heavy use of web application technologies, checking security requirements with the help of web application testing techniques seems evident. However, these techniques mainly focus on conducting discrete security tests, that is, mostly manually triggered tests whose results are interpreted by human experts. Thus these techniques are not per se suited to support continuous security certification of SaaS applications and have to be adapted accordingly. In this paper, we report on our current status of developing methods and tools to support test-based, continuous security certification of SaaS applications which make use of web application testing techniques. To that end, we describe major challenges to overcome and present experimental test results of using SQLMap to continuously test for SQL injection vulnerabilities.

: http://publica.fraunhofer.de/dokumente/N-480976.html