Continuous Attack Surface Monitoring of Web Services – Integrating Security into the Deployment Process

Cyber attacks on computer systems and networks have become an apparent threat and can cause significant damage to the companies affected. Many attacks exploit vulnerabilities in web services or their underlying components. With the advancement of continuous deployment processes, the attack surface may change rapidly with each deployment. This thesis proposes an architecture for a toolbox that allows continuous monitoring of web services from an attacker's perspective. The toolbox's primary objective is to detect vulnerabilities or unintended configuration changes in large enterprise networks. Existing toolboxes fall short regarding scan configuration granularity, integration of third-party scanning tools, or the ability to run in a production environment. To address these challenges, the proposed toolbox adopts a plugin architecture that leverages the expertise already invested in existing scanning tools. It is therefore quickly extendable and can easily integrate new security parameters. We split the scan configuration into two parts, allowing for a separate target definition and scan content specification, which enables fine-grained configuration. The toolbox generates a report consisting of several blocks, each created by a plugin. Our scan automation involves two strategies. First, scans are executed on a given schedule, in a cron-like fashion. Second, the toolbox can be integrated into a deployment pipeline. The toolbox is implemented as a server application, with a slim client interacting with it via an Application Programming Interface (API); this conceptual decision eases integration. We design and implement a prototype and deploy it on a virtual server. It successfully scans the web service KISTERS Datasphere and generates a report consolidating the results. We further evaluate the toolbox by conducting expert interviews guided by the Technology Acceptance Model (TAM).
Our case study suggests that the toolbox can create meaningful reports and is perceived as useful for continuous use in a production environment. Generally, the core functionality of the toolbox is perceived as user-friendly. However, the inherent complexity of security scanning slightly dampens user expectations regarding how easily new tools can be integrated and scan content created. Overall, the proposed architecture provides a flexible and scalable solution for continuously monitoring web services.
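As an added illustration of the architecture the abstract describes (example code, not the thesis's own prototype), the following Python sketch keeps the target definition and the scan content as separate documents, lets registered plugins each contribute one report block, and diffs the reports of two deployments to surface findings that a deployment introduced. The host name, the HTTP responses and the required-header list are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable
# Constructed inputs: target definition and scan content are two separate documents.
TARGETS = {"hosts": ["app.example.test"]}  # hypothetical host name
SCAN_CONTENT = {
    "plugins": ["headers", "cookies"],
    "required_headers": ["strict-transport-security", "content-security-policy"],
}
# Constructed HTTP responses standing in for a live fetch, so the example runs offline.
RESPONSES = {
    "before": {"headers": {"strict-transport-security": "max-age=63072000",
                           "content-security-policy": "default-src 'self'",
                           "set-cookie": ["session=abc; Secure; HttpOnly"]}},
    "after": {"headers": {"strict-transport-security": "max-age=63072000",
                          "set-cookie": ["session=abc; HttpOnly"]}},
}

@dataclass
class Block:          # one report block, produced by one plugin
    plugin: str
    findings: list[str]

PLUGINS: dict[str, Callable[[dict, dict], Block]] = {}
def register(name: str):  # plugin registry: new checks are added without touching the core
    def wrap(fn):
        PLUGINS[name] = fn
        return fn
    return wrap

@register("headers")
def headers_plugin(content: dict, response: dict) -> Block:
    present = {h.lower() for h in response["headers"]}
    return Block("headers", [f"missing header: {h}" for h in content["required_headers"] if h not in present])

@register("cookies")
def cookies_plugin(content: dict, response: dict) -> Block:
    findings = []
    for cookie in response["headers"].get("set-cookie", []):
        name = cookie.split("=", 1)[0]
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        findings += [f"cookie {name} lacks {flag}" for flag in ("secure", "httponly") if flag not in attrs]
    return Block("cookies", findings)

def run_scan(targets: dict, content: dict, fetch) -> dict[str, list[Block]]:
    """Report: per host, one block per plugin named in the scan content."""
    return {host: [PLUGINS[p](content, fetch(host)) for p in content["plugins"]] for host in targets["hosts"]}

def new_findings(baseline: dict, current: dict) -> dict[str, list[str]]:
    """Findings in the current report but not in the baseline: drift since the last deployment."""
    old = {host: {f for b in blocks for f in b.findings} for host, blocks in baseline.items()}
    delta = {host: [f for b in blocks for f in b.findings if f not in old.get(host, set())] for host, blocks in current.items()}
    return {host: fs for host, fs in delta.items() if fs}
```

In a pipeline, `fetch` would perform the real request and the baseline report would be the one stored from the previous deployment.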

Project information

Thesis for degree:

Felix Huhn