Fraunhofer FOKUS | Security Testing Processes

Security Testing Processes

Basics of Security Testing

The Challenge

Security requirements for modern IT systems are increasing and cannot be realised by constructive measures alone. More than 90 percent of all software security incidents are caused by attackers exploiting known security vulnerabilities. The majority of these are based on programming errors. By planning, monitoring, and executing systematic security testing processes, vulnerabilities can be comprehensively and traceably identified and remediated, and progress and completion can be measured and determined.

The Solution

The course teaches the general principles and structure of security testing processes. These are considered in the context of different application life cycle models. The concrete tasks in the different phases of the security testing process are analysed. Practical security tests are explained and carried out along the different phases. Some typical vulnerabilities and test methods are explained. The organisational framework conditions of security testing in the phases of the security testing process are also considered.

The training is a module of the seminar series: Basics of Security Testing.

Contents

Definition of security test processes

Learning objectives

After the course, participants will be able to select, plan, implement and analyse the most important activities for a systematic security process.

Define the elements of an effective security testing process for a given project
Analyse a given security test plan and identify its strengths and weaknesses
Design of conceptual (abstract) security tests based on a given security testing approach and identified functional and structural security risks for a given project.
Design of test cases for the validation of security policies and procedures
Understanding the key elements and features of an effective security testing environment
Understand the importance of planning and approval before conducting security tests
Analysis of the results of security tests for reporting purposes
Understanding the need to revise security expectations and acceptance criteria
Understand the need to keep security test results confidential and secure
Understand the need to establish appropriate data collection controls and mechanisms to provide source data for security test status reports in a timely, accurate and precise manner
Analysis of a given interim report on the status of security testing to determine the level of accuracy, understandability, and appropriateness for stakeholders

Target group

Product managers, project managers in product development, product developers, requirements developers, test developers, test analysts, test managers, acceptance testers, quality managers and consultants

Requirements

Basics of software testing (e.g. ISQTB Certified Tester Foundation Level)

Course data

Specialists and user training

Level	Basic
Event Format	Online or in person
Dates	By arrangement
Language	German or English (English teaching material)
Duration	1 day (6 hours)
Number of participants	5-12
Lecturers	Martin Schneider, Dorian Knoblauch
Location	Fraunhofer FOKUS, Kaiserin Augusta Alle 31, 10589 Berlin or other locations

Martin Schneider is team leader of the testing group in the Quality Engineering business unit of the Fraunhofer Institute FOKUS. He is an expert in quality assurance and security testing in the field of networked software systems.

Dorian Knoblauch is a research assistant in the Critical Systems Engineering group in the SQC business unit of the Fraunhofer Institute FOKUS.

FRAUNHOFER INSTITUTE FOR OPEN COMMUNICATION SYSTEMS

Security Testing Processes

Security Testing Processes

Basics of Security Testing

Your advantages at a glance

Course data

Specialists and user training

Please contact us