Automated Security Testing for Applications Integrating Third-Party Services
Not recorded
Abstract
Modern applications have become increasingly complex in both function and construction. Commerce websites use inferred user preferences to show relevant merchandise, banking websites implement complex transaction protocols, social networks need to safeguard sensitive user information, and mobile applications incorporate authentication, sharing, and payment mechanisms. Third-party services have become a common way to implement these functionalities, effectively making most applications today large mashups of both code and services from numerous parties. Widespread integration of third-party services into web and mobile applications raises a critical problem: how to ensure desired security and privacy properties for programs integrating third-party services.
Similar resources
SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities
Correctly integrating third-party services into web applications is challenging, and mistakes can have grave consequences when third-party services are used for security-critical tasks such as authentication and authorization. Developers often misunderstand integration requirements and make critical mistakes when integrating services such as single sign-on APIs. Since traditional programming te...
Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications
The advent of Software-as-a-Service (SaaS) has led to the development of multi-party web applications (MPWAs). MPWAs rely on core trusted third-party systems (e.g., payment servers, identity providers) and protocols such as Cashier-as-a-Service (CaaS), Single Sign-On (SSO) to deliver business services to users. Motivated by the large number of attacks discovered against MPWAs and by the lack of ...
FLEXDROID: Enforcing In-App Privilege Separation in Android
Mobile applications are increasingly integrating third-party libraries to provide various features, such as advertising, analytics, social networking, and more. Unfortunately, such integration with third-party libraries comes with the cost of potential privacy violations of users, because Android always grants a full set of permissions to third-party libraries as their host applications. Uninte...
Security-aware selection of Web Services for Reliable Composition
Dependability is an important characteristic that a trustworthy computer system should have. It is a measure of Availability, Reliability, Maintainability, Safety and Security. The focus of our research is on security of web services. Web services enable the composition of independent services with complementary functionalities to produce value-added services, which allows organizations to impl...
The Integrated Supply Chain of After-sales Services Model: A Multi-objective Scatter Search Optimization Approach
Abstract: In recent decades, the high profits of extended warranty have led third-party firms to consider it a lucrative after-sales service. However, customers' division in terms of risk aversion and the effect of offering extended warranty on manufacturers’ basic warranty should be investigated through adjusting such services. Since risk-averse customers welcome extended warranty, while the cu...