This training is a course offering of the advanced training program Learning Lab Cybersecurity and is offered by Fraunhofer FOKUS.

Testing Security Mechanisms
Basics of security testing
The challenge
Security in modern IT systems can be established through a variety of mechanisms. The most common ones include firewalls, malware scanners, authorisation, and authentication. Depending on the nature of the respective system, suitable mechanisms are implemented, and their effectiveness must be tested.
The solution
Testing must be carried out to ensure the effectiveness of the security mechanisms used.
The course teaches test methods and concepts for testing common security mechanisms. Basic conceptual and technical knowledge is imparted, which is illustrated by means of concrete examples. In this way, the participants can try out the test methods of the security mechanisms during an attack on an IT system. In the process, characteristic vulnerabilities are exploited, and at the same time methods are taught to identify and close them.
Your advantages at a glance
After the seminar you will be able to...
- Implement security mechanisms and apply testing methods for common security mechanisms.
This seminar offers you...
- A systematic introduction to testing security mechanisms
- Learning from practical examples
- An opportunity to try out your new knowledge in a simulated scenario
Contents
- System hardening
- Authentication and authorisation
- Encryption
- Firewalls
- Attack detection
- Malware scan
- Data masking
Learning objectives
After the course, participants will be able to understand, implement and test appropriate security mechanisms depending on the system. This includes:
- Understanding the concept of system hardening as well as how to test the hardening of Linux systems using OpenSCAP.
- Understanding the relationship between authentication and authorisation and being able to implement appropriate mechanisms.
- Cracking passwords using hashcat
- Understanding encryption using HTTPS communication, recording and decrypting the browser's HTTPS communication.
- Understanding the concept and application of firewalls in securing information systems and testing them using port scans.
- Understanding the principle of attack detection tools and learning how to use them on a Linux system.
- Analysing and testing potentials and limits of malware scanners
- Detecting and eliminating data masking
Target group
Developers, system administrators, test developers
Requirements
Basics of software testing (e.g. ISTQB Certified Tester Foundation Level)
Seminar profile
Specialists and user training
Level: Advanced
Appointment: In-house seminar (by arrangement)
Duration: 1 day (6 hours)
Location: Online or in person
Fraunhofer FOKUS, Kaiserin-Augusta-Allee 31, 10589 Berlin
or other locations
Number of participants: 5-12
Language: German or English (English teaching material)
Speaker: Dr. Jürgen Großmann, Dorian Knoblauch
Dorian Knoblauch (dorian.knoblauch@fokus.fraunhofer.de) is a research associate in the Critical Systems Engineering group in the SQC business unit of the Fraunhofer Institute FOKUS. He is an expert in security testing and test automation.
Jürgen Großmann (juergen.grossmann@fokus.fraunhofer.de) is team leader of the Critical Systems Engineering group in the SQC business unit of the Fraunhofer Institute FOKUS. He is an expert in quality assurance, risk analysis and IT security testing in the field of critical, networked software systems in the automotive industry and the financial sector.

Please contact us
Would you like individual advice or do you have any questions about our training courses? Give us a call or send us an e-mail. We will then get in touch with you.
Privacy enhancement for events related to our privacy policy
As part of the registration for “Testing Security Mechanisms” we require the following compulsory information:
- Title,
- Last name, first name,
- Address,
- Email address,
- Cell phone,
- Course date.
Additionally, you can provide us with the following optional information:
- Degree,
- Firm,
- Invoice address (if divergent),
- Position.
We collect the required data in order to identify you as a participant of the event, to check the provided information for plausibility, to reserve a place for the participant in the event and to establish a contract with you. We also want to supply the participant with information during and after the event, offer the participant an optimal participation and allow us to plan and execute a smooth-running event.
We need the payment data to collect the participation fees.
Collecting the voluntary information allows us to plan and conduct the event according to the interests of the participants in an age-appropriate fashion.
We process the data based on your enquiry and for the declared purposes as prescribed by Article 6 para. 1, sentence 1, lit. b GDPR to perform the contractual obligations toward the participants and meet the conditions precedent to entering into the contract.
We will store the personal data collected in connection with the event until the end of the regular limitation period of three (3) years following the end of the year of the event. We will then delete the data unless we are obligated by law to store the data for a longer period according to compulsory safekeeping and documentation obligations pursuant to Article 6 para. 1, sentence 1 lit. c GDPR (and in particular according to § 147 AO [General German Fiscal Code]) or unless you have agreed to a longer data storage according to Article 6 para. 1, sentence 1 lit. a GDPR. In case of longer data storage, we shall process the data solely to the extent mandated by law or according to your permission. As for all else, the further processing of the data shall be barred.
In connection with project registrations via Internet form, we work with our service provider Mailingwork GmbH, Birkenweg 7, 09569 Oederan, Germany (“Mailingwork”). The purpose of this collaboration is the professional management of online registrations to our projects. In the process, our service provider Mailingwork GmbH stores the provided data in Germany.
We entered into an order processing contract with Mailingwork GmbH. The purpose of the cooperation is the provision of project registration services. In this contract, Mailingwork GmbH agrees to process the data on our behalf in compliance with the General Data Protection Regulation (GDPR) and guarantees to comply with the rights of the affected persons. The general data protection regulations for the websites of Mailingwork GmbH are available at: https://mailingwork.de/datenschutz/.