Seventh Framework Programme

  • Three innovations from the RASEN Project

    After two years of work on the RASEN project we outline the three most important achievements of our project. The scope of this article is to briefly introduce them and to provide information regarding related materials that are available on our website.

    1. RASEN tool-based methodology for risk based security testing and legal compliance

    The first RASEN innovation covers all areas addressed by the project. Existing tools, such as Software AG’s ARIS and the CORAS risk assessment tool are extended with new functionalities; furthermore, new tools such as RACOMAT are currently in development to provide tools support across all areas addressed by the project.

    More information is available on our website:

    Latest version of the CORAS tool

    The RACOMAT tool, including an early demo video

    The RASEN tool-supported method for risk-based security testing and compliance assessment

    The CORAL language: Why is it designed the way it is

    1. The RACOMAT tool for component-based risk-based testing

    The RACOMAT tool combines risk assessment and automated security testing in both ways: Test-Based Risk Assessment, which tries to improve risk assessment with the results of security tests and Risk-Based Security Testing, which tries to optimize security testing with results of risk assessment. The most important features of RACOMAT are:

    • Component based, low level system analysis and risk assessment
    • Security testing is a part of the risk analysis
    • Updates the risk picture based upon the test results semi automatically
    • Create, edit and share reusable artefacts
    • Intuitive graphic user interface

    More information is available on our website:

    The RACOMAT method and tool

    1. Smartesting CertifyIt extension for security testing

    The extension to Smartesting’s CertifyIt tool that is in development as part of the RASEN project allows automatic generation of test cases by composing behavioural models and executable test patterns, that result in a suite of abstract security test cases. These are then transformed into concrete JUnit tests using an adaptation layer.

    More information is available on our website:

    Efficient Detection of Multi-Step Cross-Site Scripting Vulnerabilities

    Model-Based Security Testing with Test Patterns

    14 Jan 2015 / rasen_adm / Comments Off

    Categories: News