Compositional Risk Assessment

and Security Testing of Networked Systems

Security testing – Continuous risk-based testing

Security testing is used to experimentally check software implementations with respect to their security properties and their resistance to attacks. For security testing we can distinguish functional security testing and security vulnerability testing. Functional security testing checks if the software security functions are implemented correctly and consistent with the security functional requirements. It is used to check the functionality, efficiency and availability of the specified security features of a test item. Security vulnerability testing directly addresses the identification and discovery of yet undiscovered system vulnerabilities. This kind of security testing targets the identification of design and implementation faults that lead to vulnerabilities that may harm the availability, confidentiality and integrity of the test item. Continuous risk based security testing is a process of continuously monitoring and testing a system with respect to potential vulnerabilities. Security risk analysis results are still used to focus the security testing and optimize the ressource planning. Any evolution of the system, of the environnement of the system or of the indentified threats, leads to update the security testing so that vulnerabilities could be detected throughout the whole life cycle of the software product.

There are no artefacts specifically supporting continuous risk-based testing. To see which artefacts from the RASEN project support security testing select one of the Planned Testing or Risk-based Testing levels.

Categories: Continuous risk-based testing

Risk assessment – Real time assessment Artefacts supporting planned security testing