Contact Person
Martin Schneider
Dipl.-Inform. Martin Schneider
Senior Scientist
Business Unit SQC
+49 30 3463-7383

IntelliSecTest 

Intelligently supporting Security Testing  

June 01, 2020 to May 31, 2023

In most areas of life, digitization is progressing constantly. Entire economic sectors are now dependent on information and communication technologies. This means that a new risk factor is becoming increasingly important for companies and requires their attention: cybercrime can become a threat to companies that are dependent on digital systems in numerous ways. In order to prevent and protect against attacks on IT-systems, these systems must be tested regarding security vulnerabilities – this can be achieved by the use of different techniques of security testing. However, the use of only one of these techniques is not sufficient, as every technique has its own strengths and weaknesses. Additionally, the analysis of the results is complex and requires special knowledge. Therefore, sound and thorough security testing is currently highly resource-intensive and expensive. Further, as of now tests can only be carried out and analyzed by qualified personnel. The Fraunhofer joint project IntelliSecTest will contribute to making security testing more accessible, while at the same time achieving better test results.

Aim and approach

The IntelliSecTest project will combine the commonly used techniques of static analysis and dynamic analysis in order to allow for more comprehensive testing. Both procedures individually pose problems: With the static analysis, the source code of the test system is checked for possible vulnerabilities. However, this is also accompanied by the occurrence of false-positive results, i. e. errors and security holes are reported where there actually are none. In contrast, dynamic testing – the testing of running systems using predefined inputs, often produces false-negative results, i. e. errors are overlooked. Within the IntelliSecTest project, the two procedures are going to be combined: The results of an initial static test are subsequently checked and further developed in the second step of dynamic testing. The obtained test results are now made available to the static analysis in order to identify further possible weaknesses, which are then checked again. This circle is then repeated until a predefined termination condition – e.g. no newly detected vulnerabilities for a number of repetitions of cycles - is reached. Within the scope of the project, the process is to be extended by artificial intelligence methods in order to further optimize dynamic testing in particular.

The developed procedure will be implemented in the context of a user-friendly tool, also allowing non-experts to benefit from this tool through the intuitive presentation of the analyses. With its expertise in the area of dynamic testing, Fraunhofer FOKUS is going to contribute mainly to this part of the project. The FOKUS fuzzing tool Fuzzino is going to be used and further developed. Fuzzino allows the detection of unknown security holes by confronting the test system with random, invalid, or unexpected inputs.

Project partners and funding

IntelliSecTest is a research project, funded by an internal support program of the Fraunhofer Gesellschaft. The Fraunhofer Institute for Mechatronic Systems Designs (Fraunhofer IEM) is responsible for the project management. Besides Fraunhofer FOKUS, the Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE), as well as the Fraunhofer Institute for Applied and Integrated Security (AISEC) are involved. The project starts on 1 June, 2020 and runs for three years.