Testing
In this area you'll find material on security testing. The challenge of security testing is that you have to test how functions and applications are not supposed to work, rather than how they normally behave.
| Topic | Version | Language | Date | Type | Format | Author |
|---|---|---|---|---|---|---|
| A Practical Guide to Vulnerability Checkers | | | 03/13/06 | White Paper | pdf | SVS-UHH |
| Open Source Static Analysis Tools for Security Testing of Java Web Applications | | | 12/19/06 | White Paper | pdf | SAP |
| Leitfaden-Applikationspenetrationstest | 1.0 | | 04/02/07 | Guide | pdf | SAP |
| Security Tests for Web Services | 1.0 | | March 2007 | Best Practice Guide | pdf | SAP |
CISAT
The term "static source code analysis" describes a class of algorithms that aim to "understand" computer programs automatically by examining their source code. As part of the secologic project, we examined the capabilities of static source code analysis with respect to finding security vulnerabilities. Based on our findings, we created CISAT, a framework for integrating security-focused static analysis into the development process.
| Topic | Version | Language | Date | Type | Format | Author |
|---|---|---|---|---|---|---|
| CISAT: Integration von sicherheitszentrierter statischer Analyse in den Entwicklungsprozess | 1.0 | | 02/07/06 | Academic paper | pdf | SVS-UHH |
| CISAT: Documentation and Software Packages | 1.0 | | 04/01/07 | Software | misc. | SVS-UHH |