Logo des Repositoriums

Auflistung nach Autor:in "Brucker, Achim"

1 - 2 von 2
  • Konferenzbeitrag
    Deploying static application security testing on a large scale
    (Sicherheit 2014 – Sicherheit, Schutz und Zuverlässigkeit, 2014) Brucker, Achim; Sodan, Uwe
    Static Code Analysis (SCA), if used for finding vulnerabilities also called Static Application Security Testing (SAST), is an important technique for detecting software vulnerabilities already at an early stage in the software development lifecycle. As such, SCA is adopted by an increasing number of software vendors. The wide-spread introduction of SCA at a large software vendor, such as SAP, creates both technical as well as non-technical challenges. Technical challenges include high false positive and false negative rates. Examples of non-technical challenges are the insufficient security awareness among the developers and managers or the integration of SCA into a software development life-cycle that facilitates agile development. Moreover, software is not developed following a greenfield approach: SAP's security standards need to be passed to suppliers and partners in the same manner as SAP's customers begin to pass their security standards to SAP. In this paper, we briefly present how the SAP's Central Code Analysis Team introduced SCA at SAP and discuss open problems in using SCA both inside SAP as well as across the complete software production line, i. e., including suppliers and partners.
  • Konferenzbeitrag
    Zertifizierte Datensicherheit für Android-Anwendungen auf Basis statischer Programmanalysen
    (Sicherheit 2014 – Sicherheit, Schutz und Zuverlässigkeit, 2014) Bartsch, Steffen; Berger, Bernhard; Bodden, Eric; Brucker, Achim; Heider, Jens; Kus, Mehmet; Maseberg, Sönke; Sohr, Karsten; Volkamer, Melanie
    Smartphones erfreuen sich einer stetig wachsenden Beliebtheit. Ein Grund hierfür ist die Vielzahl verschiedenster mobiler Anwendungen. Mit den Chancen, die sich hierdurch für den Benutzer, aber auch Organisationen bieten, sind Risiken verbunden, die beispielsweise zu einer Verletzung der Privatsphäre führen können. In diesem Beitrag diskutieren wir, wie statische Programmanalyse dabei helfen kann, Android-Anwendungen bzgl. der Sicherheit zu zertifizieren.