Detailed information regarding RASEN support for the key areas and levels below is available by selecting them. Supported areas have a blue background
|Systematic and risk driven||Real time assessment||Continuous risk-based testing||Integrated|
|Systematic compliance assessment||Quantitative assessment||Risk based testing||Partially Integrated|
|Check list based compliance assessment||Qualitative assessment||Planned testing||Stand alone|
|Ad-hoc compliance assessment||Checklist assessment||Unstructured testing||None|
|Legal and compliance assessment||Risk assessment||Security testing||Tool support|
Artefacts supporting partially integrated tool support
The key area 'tool support' specifies the degree of tool support that is available for the above mentioned key areas. Typically, tools work on their own data structures that are well suited to the task, which needs to be performed with or by the tool. Tool integration is the ability of tools to cooperate with other tools by exchaning data or sharing a common user interface. Tools are available for some of the above metioned key areas. Tool integration is based on point-to-point coalitions between tools. Point-to-point coalitions are often used in small and ad-hoc environments but have problems when it comes to more tools and larger environments (no scalability).
The ARIS Business Architect (ABA) is proprietary software from Software AG. On top of the base installation of the ARIS Business Architect, the RASEN methodology can be added by importing the RASEN artefacts including the base package, consisting of the reports, the definition of necessary modeling elements, the macro, a preliminary set of already defined CWEs, and a predefined set of generic component types previously generated.
Usage guide: http://www.rasenproject.eu/downloads/840/
Download: Available on request
Smartesting CertifyIt is a tool suite that automatically generates test cases based on a model of system requirements. Manual test design is labor intensive and error prone; this manual work can be avoided for complex applications by modeling the key concepts (abstraction) and allowing Smartesting CertifyIt to automate your test design work. Since the model is more expressive and simpler than the systemunder-test, it can more readily be reviewed for correctness and coherency, as well as be updated more easily. Some plugins have been developed during RASEN project for the deployment of the RASEN approach in order to assess its accuracy and precision regarding risk-based objectives. Smartesting CertifyIt including these plugins supports UML/OCL models as the specification modeling language, and generates test cases to cover security test patterns used as test objectives.
Usage guide: http://www.rasenproject.eu/downloads/838/
Download: Available on request
The CORAS tool is an open source diagram editor that supports the CORAS risk analysis language. The CORAS language is a graphical language whose constructs correspond to notions that are relevant during a risk analysis, e.g. threats, vulnerabilities, risks, unwanted incidents, threat scenarios and assets. The CORAS tool is intended to be used intensively during workshops where information is gathered through structured brainstorming. The tool is also intended to be used to document a risk analysis and to present the risk analysis results. The CORAS tool is designed to support on-the-fly modeling using all five kinds of basic CORAS diagrams, thus facilitating the entire CORAS risk analysis process.
Usage guide: http://www.rasenproject.eu/downloads/834/
Fuzzino is a library that provides generation of test data for fuzz testing. With fuzzing, you are able to find security-related weaknesses in your code. It's about injecting invalid or unexpected input data to a system under test. That way, security-relevant vulnerabilities may be detected when the system under test processes such data instead of rejecting it. You can integrate Fuzzino into your testing tool in order to enable it for fuzz testing. Please keep in mind that Fuzzino is not a full-featured fuzzing tool. It is a test data generator for enabling your testing tool to perform fuzzing.