This training is a course offering of the advanced training program Learning Lab Cybersecurity and is offered by Fraunhofer FOKUS.
Testing Security Mechanisms
Basics of security testing
The challenge
Security in modern IT systems can be established through a variety of mechanisms. The most common ones include firewalls, malware scanners, authorisation, and authentication. Depending on the nature of the respective system, suitable mechanisms are implemented, and their effectiveness must be tested.
The solution
Testing must be carried out to ensure the effectiveness of the security mechanisms used.
The course teaches test methods and concepts for testing common security mechanisms. Basic conceptual and technical knowledge is imparted, which is illustrated by means of concrete examples. In this way, the participants can try out the test methods of the security mechanisms during an attack on an IT system. In the process, characteristic vulnerabilities are exploited, and at the same time methods are taught to identify and close them.
Your advantages at a glance
After the seminar you will be able to...
- Implement security mechanisms and apply testing methods for common security mechanisms.
This seminar offers you...
- A systematic introduction to testing security mechanisms
- Learning from practical examples
- An opportunity to try out your new knowledge in a simulated scenario
Contents
- System hardening
- Authentication and authorisation
- Encryption
- Firewalls
- Attack detection
- Malware scan
- Data masking
Learning objectives
After the course, participants will be able to understand, implement and test appropriate security mechanisms depending on the system. This includes:
- Understanding the concept of system hardening as well as how to test the hardening of Linux systems using OpenSCAP.
- Understanding the relationship between authentication and authorisation and being able to implement appropriate mechanisms.
- Cracking passwords using hashcat
- Understanding encryption using HTTPS communication, and recording and decrypting the browser's HTTPS communication.
- Understanding the concept and application of firewalls in securing information systems and testing them using port scans.
- Understanding the principle of attack detection tools and learning how to use them on a Linux system.
- Analysing and testing potentials and limits of malware scanners
- Detecting and eliminating data masking
Target group
Developers, system administrators, test developers
Requirements
Basics of software testing (e.g. ISTQB Certified Tester Foundation Level)
Seminar profile
Specialists and user training
Dorian Knoblauch (dorian.knoblauch@fokus.fraunhofer.de) is a research associate in the Critical Systems Engineering group in the SQC business unit of the Fraunhofer Institute FOKUS. He is an expert in security testing and test automation.
Jürgen Großmann (juergen.grossmann@fokus.fraunhofer.de) is team leader of the Critical Systems Engineering group in the SQC business unit of the Fraunhofer Institute FOKUS. He is an expert in quality assurance, risk analysis and IT security testing in the field of critical, networked software systems in the automotive industry and the financial sector.
Please contact us
Would you like individual advice or do you have any questions about our training courses? Give us a call or send us an e-mail. We will then get in touch with you.