REST API Security Testing within the IEC 62443-4-1 Standard
Perustieteiden korkeakoulu
Master's thesis
Date
2024-07-31
Major/Subject
Security and Cloud Computing
Mcode
SCI3113
Degree programme
Master’s Programme in Security and Cloud Computing (SECCLO)
Language
en
Pages
55 + 11
Abstract
REST APIs are widely used by web applications and industrial automation and control systems (IACS), but their exposure to the internet makes them prime targets for attackers. Security testing is crucial to ensure the safety of REST APIs, and Practice 5 of the IEC 62443-4-1 standard provides guidelines for the security testing of products. This thesis addresses the challenge of designing and implementing a test framework focused on the security testing of REST APIs while providing evidence of compliance with the standard. It includes a mechanism for mapping test cases to IEC 62443-4-1 requirements, facilitating compliance with Practice 5, as well as an extensive list of REST API security properties defined and categorized based on REST principles. The thesis advances the automation of REST API security testing in industrial settings and establishes a robust foundation for integrating additional tools and refining test cases.
Supervisor
Gunn, Lachlan
Thesis advisor
Rasinen, Jari
Keywords
security testing, REST API security, IEC 62443-4-1, software compliance, industrial automation and control systems