
Testing Security Mechanisms

Basics of security testing

The challenge

Security in modern IT systems can be established through a variety of mechanisms. The most common ones include firewalls, malware scanners, authorisation, and authentication. Depending on the nature of the respective system, suitable mechanisms are implemented, and their effectiveness must be tested.

The solution

Testing must be carried out to ensure the effectiveness of the security mechanisms used.

The course teaches test methods and concepts for testing common security mechanisms. It imparts basic conceptual and technical knowledge, illustrated with concrete examples. Participants try out the test methods for the security mechanisms during an attack on an IT system. In the process, characteristic vulnerabilities are exploited, and methods to identify and close them are taught at the same time.

This training is a course offering of the advanced training program Learning Lab Cybersecurity and is offered by Fraunhofer FOKUS.

Your advantages at a glance

After the seminar you will be able to...

  • Implement security mechanisms and apply testing methods for common security mechanisms.

This seminar offers you...

  • A systematic introduction to testing security mechanisms
  • Learning from practical examples
  • An opportunity to try out your new knowledge in a simulated scenario

Contents

  • System hardening
  • Authentication and authorisation
  • Encryption
  • Firewalls
  • Attack detection
  • Malware scan
  • Data masking


Learning objectives

After the course, participants will be able to understand, implement and test appropriate security mechanisms depending on the system. This includes:

  • Understanding the concept of system hardening as well as how to test the hardening of Linux systems using OpenSCAP.
  • Understanding the relationship between authentication and authorisation and being able to implement appropriate mechanisms.
  • Cracking passwords using hashcat.
  • Understanding encryption using HTTPS communication, and recording and decrypting the browser's HTTPS communication.
  • Understanding the concept and application of firewalls in securing information systems and testing them using port scans.
  • Understanding the principle of attack detection tools and learning how to use them on a Linux system.
  • Analysing and testing the potential and limits of malware scanners.
  • Detecting and eliminating data masking.


Target group

Developers, system administrators, test developers

Requirements

Basics of software testing (e.g. ISTQB Certified Tester Foundation Level)

Seminar profile

Specialists and user training

Level

Advanced

Event Format

Online or in person

Dates

By arrangement

Language

German or English (English teaching material)

Duration

1 day (6 hours)

Number of participants

5-12

Lecturers

Dr. Jürgen Großmann, Dorian Knoblauch

Location

Fraunhofer FOKUS, Kaiserin-Augusta-Allee 31, 10589 Berlin or other locations

Dorian Knoblauch (dorian.knoblauch@fokus.fraunhofer.de) is a research associate in the Critical Systems Engineering group in the SQC business unit of the Fraunhofer Institute FOKUS. He is an expert in security testing and test automation.

Jürgen Großmann (juergen.grossmann@fokus.fraunhofer.de) is team leader of the Critical Systems Engineering group in the SQC business unit of the Fraunhofer Institute FOKUS. He is an expert in quality assurance, risk analysis and IT security testing in the field of critical, networked software systems in the automotive industry and the financial sector.


Please contact us

Would you like individual advice or do you have any questions about our training courses? Give us a call or send us an e-mail. We will then get in touch with you.