Extracting and Analyzing the Implemented Security Architecture of Business Applications
Security is becoming increasingly important in the software development process, as the advent of more complex, connected and extensible software entails new risks. In particular, multi-tier business applications, e.g., those based on the Service-Oriented Architecture (SOA), are vulnerable to new attacks, which may endanger the business processes of an organization. These applications often consist of legacy code that is now exported via web services, although it was originally developed for internal use only. Recent years have shown great progress in the area of static code analysis for the detection of common low-level security bugs, such as buffer overflows and cross-site scripting vulnerabilities.