loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Anne Borcherding 1 ; Steffen Pfrang 1 ; Christian Haas 1 ; Albrecht Weiche 1 and Jürgen Beyerer 2

Affiliations: 1 Fraunhofer IOSB, Karlsruhe, Germany ; 2 Fraunhofer IOSB, Karlsruhe, Germany, Vision and Fusion Laboratory (IES), Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany

Keyword(s): Industrial Control Systems, Black Box Security Testing, Web Application Scanners, Proxy, Usability.

Abstract: Web applications on industrial control systems (ICS) provide functionality such as obtaining status information or updating configurations. However, a web application possibly adds additional attack vectors to the ICS. In order to find existing vulnerabilities of web applications, automated black box web application scanners (WAS) can be used. Evaluations of existing scanners show similar limitations in their applicability. For example, ICS often crash during a scan. If the used scanner does not recognize and handle this issue, it is not able to finish the test. We present HelpMeICS which makes improvements available for different scanners without the need to adapt the specific scanner. It is implemented as a proxy-based solution which is transparent for the scanners and handles different aspects such as error-handling, authentication, and replacement of contents. Our evaluation with five different ICS shows an improvement of applicability as well as a reduction of additional limitat ions of WAS. As an example, our improvements increased the URL coverage from 8% to 100%. For one of the ICS, a complete scan was only made possible by HelpMeICS since the ICS crashed irrecoverably during the scans without HelpMeICS. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.149.214.32

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Borcherding, A.; Pfrang, S.; Haas, C.; Weiche, A. and Beyerer, J. (2020). Helper-in-the-Middle: Supporting Web Application Scanners Targeting Industrial Control Systems. In Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - SECRYPT; ISBN 978-989-758-446-6; ISSN 2184-7711, SciTePress, pages 27-38. DOI: 10.5220/0009517800270038

@conference{secrypt20,
author={Anne Borcherding. and Steffen Pfrang. and Christian Haas. and Albrecht Weiche. and Jürgen Beyerer.},
title={Helper-in-the-Middle: Supporting Web Application Scanners Targeting Industrial Control Systems},
booktitle={Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - SECRYPT},
year={2020},
pages={27-38},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009517800270038},
isbn={978-989-758-446-6},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - SECRYPT
TI - Helper-in-the-Middle: Supporting Web Application Scanners Targeting Industrial Control Systems
SN - 978-989-758-446-6
IS - 2184-7711
AU - Borcherding, A.
AU - Pfrang, S.
AU - Haas, C.
AU - Weiche, A.
AU - Beyerer, J.
PY - 2020
SP - 27
EP - 38
DO - 10.5220/0009517800270038
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic