A research project of the SecuriFIT consortium is investigating whether the fuzzing test method can be used to test the security of interfaces in cloud and mobile computing and thus to detect security gaps.
The research consortium SecuriFIT has been testing so-called fuzzing for more than six months. This test method is said to be particularly suitable for securing system interfaces and for detecting quality and security gaps in cloud computing and in mobile applications. A prerequisite for a high detection rate, however, is that fuzzing is systematically integrated into companies' testing processes.
The research consortium SecuriFIT consists of a network of experts from SQS Software Quality Systems AG and Codenomicon, a provider of fuzzing tools, and is funded by SesamBB, a network of companies from Berlin and Brandenburg.
In so-called fuzzing, interfaces are subjected to a kind of stress test and continuously attacked with test data intended to break them open. The motivation for the project was the fact that fuzzing as a test technique has not yet been systematically integrated into existing test processes, the project's researchers explain.
“SecuriFIT has now presented a generic test process that includes fuzzing and thus makes this test technique usable for a systematic practical application. This allows fuzzing to be easily integrated into all test processes,” explains Frank Simon, Head of SQS Research. In the coming months, SecuriFIT will test a concrete application case and underpin the benefits of fuzzing with empirical data. The research results themselves are now available to members and interested parties of the SesamBB network.
Promotion of IT security
The research project is funded by SesamBB, a network of companies from Berlin and Brandenburg. The state government of Brandenburg supports SesamBB in the context of the joint task “Improvement of the regional economic structure” (GRW) with federal and state funds.
TDS offers working time management “as-a-service”
Delivered as a SaaS solution, the ATOSS software offers users, for example, the automatic holiday inquiry, electronic approval procedures, qualification management and Employee & Manager Self Service. Personnel administrators can continue to use their familiar HR software such as SAP HCM, P&I Loga or TDS-Personal, which is integrated with ATOSS via standardized interfaces.
The IT full-service provider TDS has put together three packages for the use of “TDS Zeitwirtschaft powered by ATOSS”: The basic package for companies up to one thousand employees provides them with the basic functions of time management and personnel deployment planning.
If necessary, the basic package can be extended: to the “Advanced” package for up to three thousand employees, with more functions for time management and staff deployment planning, or to the “Enterprise” package for up to ten thousand employees, with functionality specially adapted to the needs of the company.
All packages for working time management can be integrated into the modular HR software TDS-Personal. According to the supplier, customers benefit from more efficient personnel processes.