{"id":"https://openalex.org/W2950023496","doi":"https://doi.org/10.1515/auto-2019-0021","title":"Automated security testing for web applications on industrial automation and control systems","display_name":"Automated security testing for web applications on industrial automation and control systems","publication_year":2019,"publication_date":"2019-05-01","ids":{"openalex":"https://openalex.org/W2950023496","doi":"https://doi.org/10.1515/auto-2019-0021","mag":"2950023496"},"language":"en","primary_location":{"id":"doi:10.1515/auto-2019-0021","is_oa":false,"landing_page_url":"https://doi.org/10.1515/auto-2019-0021","pdf_url":null,"source":{"id":"https://openalex.org/S4210170077","display_name":"at - Automatisierungstechnik","issn_l":"0178-2312","issn":["0178-2312","2196-677X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319967","host_organization_name":"R. Oldenbourg Verlag","host_organization_lineage":["https://openalex.org/P4310319967"],"host_organization_lineage_names":["R. Oldenbourg Verlag"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"at - Automatisierungstechnik","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5086003097","display_name":"Steffen Pfrang","orcid":"https://orcid.org/0000-0001-7768-7259"},"institutions":[{"id":"https://openalex.org/I4210111500","display_name":"Fraunhofer Institute of Optronics, System Technologies and Image Exploitation","ror":"https://ror.org/01zx97922","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210111500","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Steffen Pfrang","raw_affiliation_strings":["Fraunhofer IOSB , Karlsruhe , Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer IOSB , Karlsruhe , Germany","institution_ids":["https://openalex.org/I4210111500"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055740054","display_name":"Anne Borcherding","orcid":"https://orcid.org/0000-0002-8144-2382"},"institutions":[{"id":"https://openalex.org/I4210111500","display_name":"Fraunhofer Institute of Optronics, System Technologies and Image Exploitation","ror":"https://ror.org/01zx97922","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210111500","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Anne Borcherding","raw_affiliation_strings":["Fraunhofer IOSB , Karlsruhe , Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer IOSB , Karlsruhe , Germany","institution_ids":["https://openalex.org/I4210111500"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102015256","display_name":"David Meier","orcid":"https://orcid.org/0000-0003-0660-8087"},"institutions":[{"id":"https://openalex.org/I4210111500","display_name":"Fraunhofer Institute of Optronics, System Technologies and Image Exploitation","ror":"https://ror.org/01zx97922","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210111500","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"David Meier","raw_affiliation_strings":["Fraunhofer IOSB , Karlsruhe , Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer IOSB , Karlsruhe , Germany","institution_ids":["https://openalex.org/I4210111500"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5073930300","display_name":"J\u00fcrgen Beyerer","orcid":"https://orcid.org/0000-0003-3556-7181"},"institutions":[{"id":"https://openalex.org/I4210111500","display_name":"Fraunhofer Institute of Optronics, System Technologies and Image Exploitation","ror":"https://ror.org/01zx97922","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210111500","https://openalex.org/I4923324"]},{"id":"https://openalex.org/I102335020","display_name":"Karlsruhe Institute of Technology","ror":"https://ror.org/04t3en479","country_code":"DE","type":"education","lineage":["https://openalex.org/I102335020","https://openalex.org/I1305996414"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"J\u00fcrgen Beyerer","raw_affiliation_strings":["Fraunhofer IOSB , Karlsruhe , Germany","Vision and Fusion Laboratory , Karlsruhe Institute of Technology , Karlsruhe , Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer IOSB , Karlsruhe , Germany","institution_ids":["https://openalex.org/I4210111500"]},{"raw_affiliation_string":"Vision and Fusion Laboratory , Karlsruhe Institute of Technology , Karlsruhe , Germany","institution_ids":["https://openalex.org/I102335020"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5086003097"],"corresponding_institution_ids":["https://openalex.org/I4210111500"],"apc_list":null,"apc_paid":null,"fwci":0.6783,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.77138064,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":"67","issue":"5","first_page":"383","last_page":"401"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9894000291824341,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9847999811172485,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6196632385253906},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.6159567832946777},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.5858774185180664},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.575320303440094},{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.520759105682373},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5118243098258972},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5114883184432983},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5083433985710144},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4844474792480469},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.46549710631370544},{"id":"https://openalex.org/keywords/web-server","display_name":"Web server","score":0.4348360300064087},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.42913147807121277},{"id":"https://openalex.org/keywords/modular-design","display_name":"Modular design","score":0.41523945331573486},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.2975269556045532},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.29431819915771484},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.2855507731437683},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.26642662286758423},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.24882569909095764},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.19333115220069885},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.13739192485809326}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6196632385253906},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.6159567832946777},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.5858774185180664},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.575320303440094},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.520759105682373},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5118243098258972},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5114883184432983},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5083433985710144},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4844474792480469},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.46549710631370544},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.4348360300064087},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.42913147807121277},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.41523945331573486},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.2975269556045532},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.29431819915771484},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.2855507731437683},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.26642662286758423},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.24882569909095764},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.19333115220069885},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.13739192485809326},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1515/auto-2019-0021","is_oa":false,"landing_page_url":"https://doi.org/10.1515/auto-2019-0021","pdf_url":null,"source":{"id":"https://openalex.org/S4210170077","display_name":"at - Automatisierungstechnik","issn_l":"0178-2312","issn":["0178-2312","2196-677X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319967","host_organization_name":"R. Oldenbourg Verlag","host_organization_lineage":["https://openalex.org/P4310319967"],"host_organization_lineage_names":["R. Oldenbourg Verlag"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"at - Automatisierungstechnik","raw_type":"journal-article"},{"id":"pmh:oai:fraunhofer.de:N-549104","is_oa":false,"landing_page_url":"http://publica.fraunhofer.de/documents/N-549104.html","pdf_url":null,"source":{"id":"https://openalex.org/S4306400801","display_name":"Publikationsdatenbank der Fraunhofer-Gesellschaft (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Fraunhofer IOSB","raw_type":"Journal Article"},{"id":"pmh:oai:publica.fraunhofer.de:publica/257784","is_oa":false,"landing_page_url":"https://publica.fraunhofer.de/handle/publica/257784","pdf_url":null,"source":{"id":"https://openalex.org/S4306400318","display_name":"Fraunhofer-Publica (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"journal article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W1979931683","https://openalex.org/W2109183627","https://openalex.org/W2135583690","https://openalex.org/W2181575292","https://openalex.org/W2185917985","https://openalex.org/W2209327732","https://openalex.org/W2784110154","https://openalex.org/W2792480350","https://openalex.org/W4240591057"],"related_works":["https://openalex.org/W2540919174","https://openalex.org/W2376521939","https://openalex.org/W2361960050","https://openalex.org/W2094754363","https://openalex.org/W4385770215","https://openalex.org/W2891988338","https://openalex.org/W626641102","https://openalex.org/W2003115932","https://openalex.org/W4249792249","https://openalex.org/W1527427713"],"abstract_inverted_index":{"Abstract":[0],"Industrial":[1],"automation":[2,95,334],"and":[3,35,41,69,90,116,145,240,347],"control":[4],"systems":[5],"(IACS)":[6],"play":[7],"a":[8,79,111,157,167,186,192,227,234,291],"key":[9],"role":[10],"in":[11,44,105,343],"modern":[12],"production":[13],"facilities.":[14],"On":[15,28],"the":[16,24,29,42,93,106,181,210,250,254,266,270,280,287,301,309,323,328,332,344,355],"one":[17],"hand,":[18,31],"they":[19,32,135],"provide":[20,64],"real-time":[21],"functionality":[22],"to":[23,38,46,77,141,147,198,204,349],"connected":[25,37],"field":[26],"devices.":[27,356],"other":[30],"get":[33,137],"more":[34,36],"local":[39],"networks":[40],"internet":[43],"order":[45,140],"facilitate":[47],"use":[48,179],"cases":[49],"promoted":[50],"by":[51,274,354],"\u201cIndustrie":[52],"4.0\u201d.":[53],"A":[54],"lot":[55,112],"of":[56,113,125,169,172,180,185,194,253,265,286,300,317],"IACS":[57,143],"are":[58,224,243],"equipped":[59],"with":[60,249,261],"web":[61,65,80,101,120,173,222,255,267,324],"servers":[62],"that":[63,279,338],"applications":[66,102,121,223,256,268],"for":[67,100,118,122,151,162,257],"configuration":[68],"management":[70],"purposes.":[71],"If":[72],"an":[73,84,262],"attacker":[74],"gains":[75],"access":[76],"such":[78,200],"application":[81,174],"operated":[82],"on":[83,189],"IACS,":[85,232,330],"he":[86],"can":[87,136],"exploit":[88],"vulnerabilities":[89,133,201,313],"possibly":[91],"interrupt":[92],"critical":[94,333],"process.":[96,335],"Cyber":[97],"security":[98,149,159,302,339],"research":[99],"is":[103,202,212,216,341],"well-known":[104],"office":[107],"IT.":[108],"There":[109],"exist":[110],"best":[114],"practices":[115],"tools":[117],"testing":[119,128,160,340],"different":[123],"kinds":[124],"vulnerabilities.":[126,175,258,289],"Security":[127],"targets":[129],"at":[130],"discovering":[131],"those":[132],"before":[134],"exploited.":[138],"In":[139,226,290],"enable":[142],"manufacturers":[144],"integrators":[146],"perform":[148],"tests":[150],"their":[152],"devices,":[153],"ISuTest":[154],"was":[155],"developed,":[156],"modular":[158],"framework":[161],"IACS.":[163],"This":[164,214,336],"paper":[165],"provides":[166],"classification":[168],"known":[170],"types":[171],"Therefore,":[176],"it":[177],"makes":[178],"worst":[182],"direct":[183],"impact":[184],"vulnerability.":[187],"Based":[188],"this":[190],"analysis,":[191,310],"subset":[193],"open-source":[195],"vulnerability":[196,271,281,296],"scanners":[197,272,282],"detect":[199],"selected":[203],"be":[205,305],"integrated":[206],"into":[207],"ISuTest.":[208,275],"Subsequently,":[209],"integration":[211],"evaluated.":[213],"evaluation":[215,246],"twofold:":[217],"At":[218],"first,":[219],"willful":[220],"vulnerable":[221],"used.":[225,244],"second":[228],"step,":[229],"seven":[230],"real":[231],"like":[233],"programmable":[235],"logic":[236],"controller,":[237],"industrial":[238,345],"switches":[239],"cloud":[241],"gateways,":[242],"Both":[245],"steps":[247],"start":[248],"manual":[251],"examination":[252],"They":[259],"conclude":[260],"automated":[263,273],"test":[264],"using":[269,294],"The":[276],"results":[277],"show":[278],"detected":[283],"53":[284],"%":[285,299],"existing":[288],"former":[292],"study":[293],"commercial":[295],"scanners,":[297],"54":[298],"flaws":[303],"could":[304],"found.":[306],"While":[307],"performing":[308],"45":[311],"new":[312],"were":[314],"detected.":[315],"Some":[316],"them":[318],"did":[319],"not":[320],"only":[321],"break":[322],"server":[325],"but":[326],"crashed":[327],"whole":[329],"stopping":[331],"shows":[337],"crucial":[342],"domain":[346],"needs":[348],"cover":[350],"all":[351],"services":[352],"provided":[353]},"counts_by_year":[{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}