FASTscan: Fully Automated Security Testing with scanmeter
At a glance
- Project leader: Prof. Dr. Marc Rennhard
- Project team: Benjamin Gehring, Malte Kushnir, Michael Schlaubitz, Onur Veyisoglu
- Project status: completed
- Funding partner: Innosuisse (Innovationsprojekt / Projekt Nr. 48528.1 IP-ICT)
- Project partner: scanmeter GmbH
- Contact person: Marc Rennhard
Description
In this R&D project, scanmeter - a service for the automated security analysis of IT systems - is being extended by three innovative components. This will significantly increase the level of automation and test coverage, significantly improve customer benefits, and expand the fields of application. Specifically, the project aims to achieve the following: (1) scanmeter will support automated security testing of APIs, significantly increasing the range of applications (e.g., to modern web applications, mobile apps and Internet of Things (IoT) devices); (2) scanmeter will be able to detect all types of access control vulnerabilities in web applications, providing comprehensive support for this critical vulnerability type; and (3) scanmeter will support arbitrary authentication processes in web applications and APIs, enabling full test automation with respect to authentication as well. The project is carried out in cooperation between InIT (https://zhaw.ch/init) and scanmeter GmbH (https://scanmeter.io).
Publications
- Rennhard, Marc; Kushnir, Malte; Favre, Olivier; Esposito, Damiano; Zahnd, Valentin, 2022. Automating the detection of access control vulnerabilities in web applications. SN Computer Science. 3(5), pp. 376. Available from: https://doi.org/10.1007/s42979-022-01271-1