Security tests throughout the software life cycle
Basics of security testing
Security requirements for modern IT systems are increasing and cannot be realised by constructive measures alone. More than 90 percent of all software security incidents are caused by attackers exploiting known security vulnerabilities. The majority of these are based on programming errors. Systematically dovetailing security testing activities with other life cycle activities in the software development process makes it possible to identify security gaps at an early stage and thus eliminate them cost-effectively.
The course teaches the general basics of security testing. Specific security testing methods, selection criteria for security testing techniques, the individual test steps and their role in the development cycle are explained. The course references established testing and security testing standards as well as the procedures and techniques described therein.
Your advantages at a glance
- Apply basic safety testing methods
- Select basic security testing techniques
- Apply simple security testing measures in the software life cycle
- Systematic introduction to the basics of security testing
- Systematic integration of security testing techniques with the activities of a software life cycle
- Introduction to security testing techniques such as fuzzing, scanning etc.
- The role of security testing in the requirements specification
- The role of security testing in design
- The role of security testing in the implementation phase
- Security tests during system and acceptance tests
- Security tests in maintenance
After the course, participants will be able to carry out simple threat analyses for classic Internet applications and, on the basis of these, to classify security risks, formulate security test objectives and systematically create and carry out security tests.
- Analyse a given set of requirements from a security perspective to identify deficiencies
- Analysis of a given design document from a security perspective to identify vulnerabilities
- Understand the role of security testing during the component test phase
- Design of component-level (abstract) security tests against a defined implementation specification.
- Analysis of the results of component-level tests to determine the adequacy of the code from a security perspective
- Understand the basic principles of a static code checker (e.g., Sonarqube/Sonarlint).
- For a given project scenario: Demonstrate the ability to apply an automated static code checker and understand the pitfalls of automation.
- Create an end-to-end security test scenario that verifies one or more specified security requirements and tests a described functional process
- Define a set of acceptance criteria for the security aspects of a particular acceptance test.
- Create an end-to-end approach for security testing/regression testing based on a given scenario
- Understand the differences between regression testing, re-testing and penetration testing
Product managers, project managers in product development, product developers, requirements developers, test developers, test analysts, test managers, acceptance testers, quality managers and consultants
Basics of software testing (e.g., ISQTB Certified Tester Foundation Level)
Specialists and user training
Appointment: In-house seminar (by arrangement)
Duration: 1 day (6 hours)
Location: Online or in person (Fraunhofer FOKUS, Kaiserin Augusta Alle 31, 10589 Berlin or other locations)
Number of participants: 5-12
Language: German or English (English teaching material)
Speakers: Dr. Jürgen Großmann, Dorian Knoblauch
Jürgen Großmann is team leader of the Critical Systems Engineering group in the SQC business unit of the Fraunhofer Institute FOKUS. He is an expert in quality assurance, risk analysis and IT security testing in the field of critical, networked software systems in the automotive industry and the financial sector.
Dorian Knoblauch is a research assistant in the Critical Systems Engineering group in the SQC business unit of the Fraunhofer Institute FOKUS.
Please contact us
Would you like individual advice or do you have any questions about our training courses? Give us a call or send us an e-mail. We will then get in touch with you.
As part of the registration for “Security tests throughout the software life cycle” we require the following compulsory information:
- Last name, first name,
- Email address,
- Cell phone,
- Course date.
Additionally you can provide us following optional information:
- Invoice address (if devergent),
We collect the required data in order to identify you as participant of the event, to check the provided information for plausibility, to reserve a place for the participant in the event and to establish a contract with you. We also want to supply the participant with information during and after the event, offer the participant an optimal participation and allow us to plan and execute a smooth running event.
We need the payment data to collect the participation fees.
Collecting the voluntary information allows us to plan and conduct the event according to the interests of the participants in an age-appropriate fashion.
We process the data based on your enquiry and for the declared purposes as prescribed by Article 6 para. 1, page 1, lit. b GDPR to perform the contractual obligations toward the participants and meet the conditions precedent to entering into the contract.
We will store the personal data collected in context with the event until the end of the regular limitation period of three (3) years following the end of the year of the event. We will then delete the data unless we are obligated by law to store the data for a longer period according to compulsory safekeeping and documentation obligations pursuant to Article 6 para. 1, page 1 lit. c GDPR and in particular according to § 147 AO [General German Fiscal Code]) or unless you have agreed to a longer data storage according to Article 6 para. 1, page 1 lit. a GDPR. In case of longer data storage, we shall process the data solely to the extent mandated by law or according to your permission. As for all else, the further processing of the data shall be barred.
In the context with project registrations via Internet form, we work with our service provider Mailingwork GmbH, Birkenweg 7, 09569 Oederan, Deutschland (“Mailingwork”). The purpose of this collaboration is the professional management of online registrations to our projects. In the process, our service provider Mailingwork GmbH stores the provided data in Germany.
We entered into an order processing contract with Mailingwork GmbH. The purpose of the cooperation is the provision of project registration services. In this contract, Mailingwork GmbH agrees to process the data on our behalf in compliance with the General Data Protection Regulation (GDPR) and guarantees to comply with the rights of the affected persons. The general data protection regulations for the websites of the Mailingwork GmbH are available at: https://mailingwork.de/datenschutz/.