Security Tests Throughout the Software Life Cycle

Basics of security testing

The Challenge

Security requirements for modern IT systems are increasing and cannot be met by constructive (design-time) measures alone. More than 90 percent of all software security incidents are caused by attackers exploiting known security vulnerabilities, and the majority of these stem from programming errors. Systematically dovetailing security testing activities with the other activities of the software development life cycle makes it possible to identify security gaps early and thus eliminate them cost-effectively.

The Solution

The course teaches the general basics of security testing. Specific security testing methods, selection criteria for security testing techniques, the individual test steps and their role in the development cycle are explained. The course references established testing and security testing standards as well as the procedures and techniques described therein.

Overview of the Training »Security Testing Throughout the Entire Software Lifecycle«

Event Type Online, on-site, or in-house seminar
Level Basic
Prerequisites Fundamentals of software testing (e.g., ISTQB Certified Tester Foundation Level)
Duration 1 day (6 hours)
Dates By arrangement

Language German or English (English course materials)
Content
  • Role of security testing in requirements specification
  • Role of security testing in design
  • Role of security testing in the implementation phase
  • Security testing during system and acceptance testing
  • Security testing in maintenance
Group Size 5-12
Location Online or on-site at Fraunhofer FOKUS, Kaiserin-Augusta-Allee 31, 10589 Berlin

Currently, there are no scheduled dates for this course. Feel free to contact us for personalized advice or further information.

Your Advantages at a Glance

After the seminar you will be able to...

  • Apply basic security testing methods
  • Select basic security testing techniques
  • Apply simple security testing measures in the software life cycle

This seminar offers you...

  • Systematic introduction to the basics of security testing
  • Systematic integration of security testing techniques with the activities of a software life cycle
  • Introduction to security testing techniques such as fuzzing and scanning

Learning Objectives

After the course, participants will be able to carry out simple threat analyses for classic Internet applications and, on the basis of these, to classify security risks, formulate security test objectives and systematically create and carry out security tests.

  • Analyse a given set of requirements from a security perspective to identify deficiencies
  • Analyse a given design document from a security perspective to identify vulnerabilities
  • Understand the role of security testing during the component test phase
  • Design component-level (abstract) security tests against a defined implementation specification
  • Analyse the results of component-level tests to determine the adequacy of the code from a security perspective
  • Understand the basic principles of a static code checker (e.g., SonarQube/SonarLint)
  • For a given project scenario, demonstrate the ability to apply an automated static code checker and understand the pitfalls of automation
  • Create an end-to-end security test scenario that verifies one or more specified security requirements and tests a described functional process
  • Define a set of acceptance criteria for the security aspects of a particular acceptance test
  • Create an end-to-end approach for security testing/regression testing based on a given scenario
  • Understand the differences between regression testing, re-testing and penetration testing

Target Groups

Product managers, project managers in product development, product developers, requirements developers, test developers, test analysts, test managers, acceptance testers, quality managers and consultants

The Trainers

Dr. Jürgen Großmann

Jürgen Großmann is team leader of the Critical Systems Engineering group in the SQC business unit of the Fraunhofer Institute FOKUS. He is an expert in quality assurance, risk analysis and IT security testing in the field of critical, networked software systems in the automotive industry and the financial sector. 

Dr. Johannes Viehmann

Dr. Johannes Viehmann is a Senior Researcher and Project Manager in the Critical Systems Engineering group within the SQC business unit at Fraunhofer Institute FOKUS. He is an expert in safety-critical, highly networked systems, trust-building concepts, and risk management.

Contact

Contact Press / Media

Anne Halbich

Fraunhofer Institute for Open Communication Systems
Kaiserin-Augusta-Allee 31
10589 Berlin, Germany

Phone +49 30 3463-7346
