Final Thesis: SCA Tool Security Audit

Abstract: A security audit was conducted of the SCA Tool application, the configuration of its IT infrastructure, and the information security management (ISM) within the SCA Tool organization. The objective was to establish a foundation for an information security management system (ISMS) and provide actionable recommendations for specific vulnerabilities. During the vulnerability assessment, penetration testing tools were used, source code analyses were performed, and organizational vulnerabilities were identified through questionnaires. Based on existing ISMS frameworks, policies were developed for areas of SCA Tool requiring immediate action. Mitigation strategies for the identified vulnerabilities were formulated in accordance with these policies. In this process, technical documentation of the software modules in use, regulatory requirements, and the organizational context were considered. This thesis has demonstrated the need for action regarding security in SCA Tool. It has highlighted the importance of best practices in secure software development and consistency in source code. Additionally, multiple layers of security are essential for a secure web application. Finally, further recommendations for the future enhancement of security for SCA Tool were provided.

Keywords: SCA Tool, Security Audit, Security

PDF: Master Thesis

Reference: André Rosenberger. SCA Tool Security Audit. Master Thesis. Friedrich-Alexander-Universität Erlangen-Nürnberg: 2025.