Security Testing
Practical application of security testing methods and techniques.

Seminar Series »Basics of Security Testing«

Basics of security testing, security testing processes and optimization through systematic risk management

The Challenge

Over 90 percent of all software security incidents are caused by attackers exploiting known vulnerabilities. The majority of these are based on programming errors that cannot be prevented by structural measures alone.

Systematic integration of security testing activities with other life cycle activities in the software development process makes it possible to identify security gaps at an early stage and thus eliminate them cost-effectively.


The Solution

The seminar series »Basics of Security Testing« teaches the general basics of security testing and how they are embedded in security testing processes and the software life cycle. It also shows how security testing in particular can be optimized by integrating it into consistent risk management.

During the seminar series, selected security testing methods and techniques are explained using practical examples. Participants can try out the testing methods and security mechanisms themselves and experience them in practice. In the process, characteristic vulnerabilities are exploited, and methods for identifying and closing them are taught at the same time.

The seminar series references established security testing standards as well as the procedures and techniques described within them.

Your Advantages at a Glance

After the seminar you can...

  • Apply basic security testing methods
  • Select basic security testing techniques
  • Set up and manage a security testing process
  • Test simple security mechanisms
  • Apply testing and security testing standards
  • Apply simple security testing measures in the software life cycle

This seminar offers you...

  • Systematic introduction to the basics of security testing
  • Introduction to risk-based security testing
  • Introduction to security testing techniques such as fuzzing, scanning, etc.
  • Systematic integration of the security testing techniques with the activities of a software life cycle

Target Groups

  • Product managers
  • Project managers in product development
  • Product developers
  • Requirements developers
  • Test developers
  • Test analysts
  • Test managers
  • Acceptance testers
  • Quality managers and consultants


Requirements

Practical experience in the development, operation and testing of software (incl. procurement).

Overview of the Individual Modules

1st Module »Security Tests throughout the Software Life Cycle«

  • Role of security testing in requirements specification
  • Role of security testing during design
  • Role of security testing in the implementation phase
  • Security testing during system and acceptance testing
  • Security testing in maintenance

2nd Module »Security Testing Processes«

  • Definition of the security testing process
  • Planning of security tests
  • Design of security tests
  • Execution of security tests
  • Evaluation and reporting of security tests

3rd Module »Risk Management and Security Testing«

  • Risk management in the overall context of the organization
  • Risk identification
  • Risk analysis
  • Risk evaluation
  • Risk treatment
  • Risk-based security testing
  • Test-based risk analysis and risk evaluation

4th Module »Testing Security Mechanisms«

  • System hardening
  • Authentication and authorization
  • Encryption
  • Firewalls
  • Attack detection
  • Malware scanning
  • Data masking

Course Data

Level: Basic

Event Format: Live online seminar as individual scheduled modules, also possible as on-site training upon request

Dates: According to individual agreement (within the framework of the preceding needs analysis)

Language: German or English (Material in English)

Duration: Up to 32h

Number of participants: 6-12

Lecturers: Dr. Jürgen Großmann, Martin Schneider and Dorian Knoblauch

Location: Online or on-site (Fraunhofer FOKUS, Kaiserin-Augusta-Allee 31, 10589 Berlin, or other locations)

Course Fee: EUR 2600,- per person (when booking all 4 modules); discounts for groups over 8 people by individual agreement

Dr. Jürgen Großmann (juergen.grossmann@fokus.fraunhofer.de) is team leader of the Critical Systems Engineering group in the SQC business unit of the Fraunhofer Institute FOKUS. He is an expert in quality assurance, risk analysis and IT security testing in the field of critical, networked software systems in the automotive industry and the financial sector.

Martin Schneider is team leader of the testing group in the Quality Engineering business unit of the Fraunhofer Institute FOKUS. He is an expert in quality assurance and security testing in the field of networked software systems.

Dorian Knoblauch (dorian.knoblauch@fokus.fraunhofer.de) is a research associate in the Critical Systems Engineering group in the SQC business unit of the Fraunhofer Institute FOKUS. He is an expert in security testing and test automation.

INNO, FOKUS-Akademie, Kontakt, 04.06.2022

Contact Request

Would you like individual consultation or do you have any questions about our training courses? Send us an email and we will get back to you.