Detailed information regarding RASEN support for the key areas and levels below is available by selecting them. Supported areas have a blue background

Systematic and risk driven Real time assessment Continuous risk-based testing Integrated
Systematic compliance assessment Quantitative assessment Risk based testing Partially Integrated
Check list based compliance assessment Qualitative assessment Planned testing Stand alone
Ad-hoc compliance assessment Checklist assessment Unstructured testing None
Legal and compliance assessment Risk assessment Security testing Tool support

Security testing – Unstructured testing

Security testing is used to experimentally check software implementations with respect to their security properties and their resistance to attacks. For security testing we can distinguish functional security testing and security vulnerability testing. Functional security testing checks if the software security functions are implemented correctly and consistent with the security functional requirements. It is used to check the functionality, efficiency and availability of the specified security features of a test item. Security vulnerability testing directly addresses the identification and discovery of yet undiscovered system vulnerabilities. This kind of security testing targets the identification of design and implementation faults that lead to vulnerabilities that may harm the availability, confidentiality and integrity of the test item. Unstructured security testing is performed, either by the development team or by the testing team, without planning and documentation. The tests are intended to be run only once, unless a defect is discovered. The testing is neither systematic nor planned. Defects found using this method may be harder to reproduce.

There are no artefacts specifically supporting unstructured testing. To see which artefacts from the RASEN project support security testing select one of the Planned Testing or Risk-based Testing levels.