
Fraunhofer SIT: Auto-Correction for Software Developers

Fraunhofer SIT has published a vulnerability scanner for Android that allows app developers to find and close a frequently occurring SSL security gap automatically. The software can be downloaded free of charge at https://sit.sit.fraunhofer.de/eclipse/howto-ssl/ and was developed at the European Center for Security and Privacy by Design (EC SPRIDE) in Darmstadt, which is funded by the Federal Ministry of Education and Research. The EC SPRIDE scientists develop new testing tools for both Android and Java code that use innovative analysis techniques and can be integrated directly into development environments. The tools even allow the fast detection of errors that are usually difficult to find in programming code. Fraunhofer SIT will present the tools and procedure at CeBIT in Hanover from March 10 to 14 at its stand in hall 9, booth E40.

Many security vulnerabilities are the result of simple programming mistakes which, due to the ever-increasing complexity of software products, are becoming harder and harder to avoid. Software frequently consists of various program parts, sometimes written by different development teams, and programmers can no longer fully comprehend the interaction of the different software components. This is why today’s software enterprises use tools that test programming code automatically. Conventional vulnerability scanners that can be run on one’s own computer, however, are often limited to detecting simple errors, while the complex errors are the ones that are hard to find and avoid. To detect such complex security vulnerabilities in programming code, software enterprises previously had to have their code analyzed by external companies, e.g. by expensive testing services from overseas. However, enterprises often receive the results with a considerable time delay. By the time an issue is reported, the developers are probably already busy with completely different things.

Therefore, Prof. Dr. Eric Bodden at Fraunhofer SIT and his team at the cyber-security center EC SPRIDE have developed an efficient analysis framework and integrated it into testing tools. These new vulnerability scanners can be run on simple computers, but they are more powerful than the expensive external analytical services and find a greater number of complex errors in less time. The Darmstadt researchers’ scanning tools often deliver results within milliseconds. This is possible due to new analysis techniques that can quickly review even complex interactions in the code. “Secure software development is just like a maze,” Bodden declares, “it is very easy to take a wrong turn but very difficult to find the correct route. This is why companies use testing tools to reach their goal as quickly as possible. But conventional tools allow developers just to glance around the next corner. With our tools they can look the next ten corners ahead.” The analysis techniques can be used with different programming languages and may be optimized for specific tasks.

The current analysis framework supports highly complex data-flow analyses. A simpler but in practice very relevant example is the now published scanner for SSL vulnerabilities. It is an Eclipse plug-in that programmers can easily integrate into typical development environments. The testing tool helps app developers detect flawed implementations of the Secure Sockets Layer (SSL) protocol in Android code and can be used free of charge as open source software. The scale of the SSL problem in apps was demonstrated last year, when Fraunhofer SIT found errors in a multitude of apps, some of which involved great risks for users.


Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
