银行领域移动应用的模糊化:一个案例研究

2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C) Pub Date : 2020-12-01 DOI:10.1109/QRS-C51114.2020.00087

Martin A. Schneider, Marc-Florian Wendland, Abdurrahman Akin, Serafettin Sentürk

{"title":"银行领域移动应用的模糊化:一个案例研究","authors":"Martin A. Schneider, Marc-Florian Wendland, Abdurrahman Akin, Serafettin Sentürk","doi":"10.1109/QRS-C51114.2020.00087","DOIUrl":null,"url":null,"abstract":"Mobile applications are today ubiquitous, and everybody uses them on a daily basis. This applies also to security-critical mobile applications such as online banking apps. In today's architectures, these mobile applications are usually fed from the same source as mobile applications on smart phones, i.e. web services. This makes security testing of web services inevitable. Furthermore, regulation increases and requires stronger security mechanisms as with the strong customer authentication from the Revised European Payment Services Directive (PSD2). Automated security testing is a way to cope with the increasing requirements on assuring the security of such web services and their implemented security controls whilst dealing with decreasing resources for such efforts. In this paper, we present our experiences from a case study provided by Kuveyt Türk Bank performed within the ITEA-3 project TESTOMAT where we introduced automated security testing in terms of fuzzing to complement manual security testing.","PeriodicalId":358174,"journal":{"name":"2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C)","volume":"160 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Fuzzing of Mobile Application in the Banking Domain: a Case Study\",\"authors\":\"Martin A. Schneider, Marc-Florian Wendland, Abdurrahman Akin, Serafettin Sentürk\",\"doi\":\"10.1109/QRS-C51114.2020.00087\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Mobile applications are today ubiquitous, and everybody uses them on a daily basis. This applies also to security-critical mobile applications such as online banking apps. In today's architectures, these mobile applications are usually fed from the same source as mobile applications on smart phones, i.e. web services. This makes security testing of web services inevitable. Furthermore, regulation increases and requires stronger security mechanisms as with the strong customer authentication from the Revised European Payment Services Directive (PSD2). Automated security testing is a way to cope with the increasing requirements on assuring the security of such web services and their implemented security controls whilst dealing with decreasing resources for such efforts. In this paper, we present our experiences from a case study provided by Kuveyt Türk Bank performed within the ITEA-3 project TESTOMAT where we introduced automated security testing in terms of fuzzing to complement manual security testing.\",\"PeriodicalId\":358174,\"journal\":{\"name\":\"2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C)\",\"volume\":\"160 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/QRS-C51114.2020.00087\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QRS-C51114.2020.00087","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

如今，移动应用无处不在，每个人每天都在使用它们。这也适用于对安全至关重要的移动应用程序，如网上银行应用程序。在今天的架构中，这些移动应用程序通常来自与智能手机上的移动应用程序相同的来源，即web服务。这使得对web服务进行安全测试成为必然。此外，监管增加，需要更强大的安全机制，如修订后的欧洲支付服务指令(PSD2)中的强大客户身份验证。自动化的安全性测试是一种方法，用于处理不断增加的需求，确保此类web服务及其实现的安全控制的安全性，同时处理此类工作的资源减少。在本文中，我们展示了Kuveyt trk Bank在ITEA-3项目TESTOMAT中提供的案例研究的经验，在TESTOMAT中，我们根据模糊测试引入了自动化安全性测试，以补充手动安全性测试。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Fuzzing of Mobile Application in the Banking Domain: a Case Study

Mobile applications are today ubiquitous, and everybody uses them on a daily basis. This applies also to security-critical mobile applications such as online banking apps. In today's architectures, these mobile applications are usually fed from the same source as mobile applications on smart phones, i.e. web services. This makes security testing of web services inevitable. Furthermore, regulation increases and requires stronger security mechanisms as with the strong customer authentication from the Revised European Payment Services Directive (PSD2). Automated security testing is a way to cope with the increasing requirements on assuring the security of such web services and their implemented security controls whilst dealing with decreasing resources for such efforts. In this paper, we present our experiences from a case study provided by Kuveyt Türk Bank performed within the ITEA-3 project TESTOMAT where we introduced automated security testing in terms of fuzzing to complement manual security testing.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C)

自引率

0.00%

发文量