Fuzzing of Mobile Application in the Banking Domain: a Case Study

Martin A. Schneider, Marc-Florian Wendland, Abdurrahman Akin, Serafettin Sentürk
Published in: 2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C)
Publication date: 2020-12-01
DOI: 10.1109/QRS-C51114.2020.00087 (https://doi.org/10.1109/QRS-C51114.2020.00087)
Citations: 0

Abstract

Mobile applications are today ubiquitous, and everybody uses them on a daily basis. This applies also to security-critical mobile applications such as online banking apps. In today's architectures, these mobile applications are usually fed from the same source as mobile applications on smart phones, i.e. web services. This makes security testing of web services inevitable. Furthermore, regulation increases and requires stronger security mechanisms as with the strong customer authentication from the Revised European Payment Services Directive (PSD2). Automated security testing is a way to cope with the increasing requirements on assuring the security of such web services and their implemented security controls whilst dealing with decreasing resources for such efforts. In this paper, we present our experiences from a case study provided by Kuveyt Türk Bank performed within the ITEA-3 project TESTOMAT where we introduced automated security testing in terms of fuzzing to complement manual security testing.