
Fuzzing of mobile application in the banking domain

A case study. Paper presented at the 20th IEEE International Conference on Software Quality, Reliability and Security, QRS-C 2020, December 11-14, 2020, Macau, China
Authors: Schneider, Martin A.; Wendland, Marc-Florian; Akın, Abdurrahman; Sentürk, Serafettin

Postprint urn:nbn:de:0011-n-6030694 (947 KByte PDF)
MD5 fingerprint: 9162d4ae75842482f47b6038d7038de9
Created on: 30.9.2020

2020, 7 pp.
International Conference on Software Quality, Reliability, and Security Companion (QRS-C) <20, 2020, Macau>
Workshop on System Testing and Validation (STV) <13, 2020, Macau>
Funding: Bundesministerium für Bildung und Forschung BMBF (Federal Ministry of Education and Research, Germany)
Conference paper, electronic publication
Fraunhofer FOKUS
Keywords: web services; security testing; automation; fuzz testing

Mobile applications are ubiquitous today, and everybody uses them on a daily basis. This also applies to security-critical mobile applications such as online banking apps. In today's architectures, these mobile applications are usually fed from the same source as mobile applications on smartphones, i.e. web services. This makes security testing of web services inevitable. Furthermore, regulation increases and requires stronger security mechanisms, such as the strong customer authentication from the Revised European Payment Services Directive (PSD2). Automated security testing is a way to cope with the increasing requirements on assuring the security of such web services and their implemented security controls while dealing with decreasing resources for such efforts. In this paper, we present our experiences from a case study provided by Kuveyt Türk Bank, performed within the ITEA-3 project TESTOMAT, where we introduced automated security testing in the form of fuzzing to complement manual security testing.