-
CORAS Tool v1.4 Released
The CORAS tool is an open-source diagram editor that accompanies the CORAS method for risk-analysis. As an important piece in the RASEN methodology, all three of our use cases employ CORAS tooling. The latest version of the tool is 1.4 and comes with the following improvements: Speed optimization – performance is no longer suffers significantly […]
January 5, 2015 / rasen_adm / Comments Off
Read More » -
Risk-Based Security Testing Primer
The goal of risk-based security testing is to improve the security testing process in order to cover especially risky areas of the application under test and at the same time minimize the time to market and to improve the use of resources by focusing testing work on areas with the highest risks. As such, risk-based […]
December 19, 2014 / rasen_adm / Comments Off
Read More » -
Component-oriented Pattern-driven Security Testing with RACOMAT
Our RACOMAT tool combines component based, low level risk assessment with security testing. RACOMAT facilitates undertaking risk analyses for component-based testing and produces reusable risk assessment artifacts in well-known formats. Furthermore RACOMAT is integrated with external data bases such as the MITRE CAPEC and the MITRE CWE. As main functionalities, our tool allows for semi-automated […]
December 5, 2014 / rasen_adm / Comments Off
Read More » -
The RASEN tool-supported method for risk-based security testing and compliance assessment
The RASEN method is focused on: Risk-based compliance assessment Test-based security risk assessment Risk-based security testing Conforming to the ISO/IEC 3100 standard, it integrates risk and compliance assessment together with security testing and is applicable to different levels of abstraction: Legal risk and compliance assessment, Security risk assessment, and Security testing The proposed risk-based […]
November 5, 2014 / rasen_adm / Comments Off
Read More » -
The RACOMAT Tool
Security Risks – Why just identifying risks is not enough Until September 2013, in the context of the global surveillance disclosures, the German government justified NSA spying, because “security is a super basic right” (Hans-Peter Friedrich, German minister of the interior, own translation) and surveillance is necessary to fight terrorism and other threats. Their opinion […]
October 24, 2014 / rasen_adm / Comments Off
Read More » -
2nd RISK Workshop at ISSRE 2014
2nd International Workshop on Risk Assessment and Risk-driven Testing (RISK) will be part of the ISSRE 2014 conference in Naples, Italy. The RISK workshop will be held on November 5th, starting 09:00 in the H – Normanna room. Workshop Motivation The organization of the workshop is motivated by the continuous rise of software complexity with […]
October 13, 2014 / rasen_adm / Comments Off
Read More » -
General Assembly in Trondheim, Norway
RASEN project members are meeting on October 7th and 8th at use case partner EVRY‘s location in Trondheim, Norway. The main objectives of the meeting are: Assessment of the work undertaken during the second year of the project. The second year timeframe has brought significant advancement to our project, including the development of several automation […]
October 7, 2014 / rasen_adm / Comments Off
Read More » -
Risk-Based Testing at ISoLA 2014
The 6th International Symposium On Leveraging Applications of Formal Methods, Verification and Validation (ISoLA) will take place between 08-11 October 2014 in Corfu, Greece. Our project will be represented within the Risk-Based Testing Track that is organized by Michael Felderer, Marc-Florian Wendland and Ina Schieferdecker. The track is scheduled to start on Wednesday, October 8th […]
October 1, 2014 / rasen_adm / Comments Off
Read More » -
RASEN at UCAAT 2014
Our congratulations go to all researchers for a succesful conference at UCAAT 2014 in Munich! Our project has contributed with several co-authored papers in risk assessment, test selection and prioritization as well as tooling support: From Test Legacy to Model-Based Testing Arnaud Bouzy, Bruno Legeard, Smartesting, France Model-‐Based Security Testing with Test Patterns Julien Botella, […]
September 25, 2014 / rasen_adm / Comments Off
Read More » -
CRSTIP web tool
We are currently working hard to implement a tool that will help stakeholders assess their organization with regards to several key areas targeted by the RASEN project. In its first incarnation, the CRSTIP web-based tool will provide information regarding CRSTIP key areas and levels and will allow its users to select the current level of […]
September 18, 2014 / rasen_adm / Comments Off
Read More »