Easily test complex software systems for security vulnerabilities

IntelliSecTest research project

Motivation and problem statement

Although complex software systems are the basis of our networked industry, they also pose a security risk. Regular checks give companies assurance of the security of their IT systems. These testing procedures are technically complex and require a high level of IT security expertise, which many companies lack or do not possess to a sufficient extent. As part of this project, Fraunhofer IEM is working with three other Fraunhofer institutes to develop a software tool for the efficient, cost-effective and easy-to-use security testing of software applications.

A tool for accurately detecting software vulnerabilities: this is the goal of the IntelliSecTest project.

Project objectives and approach

To achieve this goal, static and dynamic code analysis will be combined with techniques for generating test cases to create fully automated, intelligent testing software, referred to as a fuzzer. Artificial intelligence methods will be used to combine all of the approaches into an effective tool that enables the automated detection of security vulnerabilities.

The advantage of the tool, which uses the white-box method to examine the source code directly, is the accurate detection of software vulnerabilities in C/C++ program code. Comprehensibly prepared analysis reports are intended to enable efficient and cost-effective assessment of security risks directly in the program code.

Fraunhofer IEM will coordinate the overall project and contribute its in-depth expertise in highly accurate and efficient static code analysis methods, specifically for the detection of security vulnerabilities. The research work will thus be relying on the Phasar tool, developed jointly with the Chair of Software Engineering at the Heinz Nixdorf Institute for the static analysis of C/C++ program code.

Project profile

PROJECT TITLE

IntelliSecTest - Intelligent supportive Security Testing

DURATION

June 2020 to May 2023 

FUNDING

approx. €3.5 million

FUNDING PROGRAM

Fraunhofer PREPARE program: PREPARE is a funding line of the Fraunhofer-Gesellschaft that supports demanding, cross-institutional preliminary research to prepare new business areas.

COOPERATION PARTNERS
  • Fraunhofer AISEC
  • Fraunhofer FKIE
  • Fraunhofer FOKUS
  • Fraunhofer IEM 
PROJECT LEADER

Prof. Dr. Eric Bodden

OBJECTIVES
  • Software tool for accurate, highly automated detection of IT security vulnerabilities in software applications
  • Combination of static code analysis and dynamic analysis (fuzzing)
  • Specially designed for software programmed in C/C++
  • Easy to use, even without in-depth IT security expertise

Is this topic also of interest to you? Then feel free to contact us!

Dr. Matthias Meyer

Head of Department Software Engineering and IT Security

Fraunhofer Institute for Mechatronic Systems Design IEM
Zukunftsmeile 1
33102 Paderborn

Phone +49 5251 5465-122

Sriteja Kummita

Fraunhofer-Institut für Entwurfstechnik Mechatronik IEM
Zukunftsmeile 1
33102 Paderborn

Phone +49 5251 5465182