FASTscan: Fully Automated Security Testing with scanmeter

At a glance
- Project leader: Prof. Dr. Marc Rennhard
- Deputy of project leader: Malte Kushnir
- Project status: ongoing
- Funding partner: Innosuisse (Innovationsprojekt / Projekt Nr. 48528.1 IP-ICT)
- Project partner: scanmeter GmbH
- Contact person: Marc Rennhard
Description
In this R&D project, scanmeter, a service for the automated
security analysis of IT systems, is being extended by three
innovative components. This will significantly increase the level
of automation and test coverage, significantly improve customer
benefit, and expand the fields of application. Specifically, the
project aims to achieve the following: (1) scanmeter will
support automated security testing of APIs, significantly
increasing the range of applications (e.g., to modern web
applications, mobile apps and Internet of Things (IoT) devices);
(2) scanmeter will be able to detect all types of access control
vulnerabilities in web applications, providing comprehensive
support for this critical vulnerability type; and (3) scanmeter
will support arbitrary authentication processes in web applications
and APIs, enabling full test automation with respect to
authentication as well.
The project is carried out in cooperation between InIT
(https://zhaw.ch/init) and scanmeter GmbH
(https://scanmeter.io).
Publications
- Rennhard, Marc; Kushnir, Malte; Favre, Olivier; Esposito, Damiano; Zahnd, Valentin, 2022. Automating the detection of access control vulnerabilities in web applications. SN Computer Science. 3(5), pp. 376. Available from: https://doi.org/10.1007/s42979-022-01271-1