-
Artefacts supporting partially integrated tool support
The key area ‘tool support’ specifies the degree of tool support that is available for the above mentioned key areas. Typically, tools work on their own data structures that are well suited to the task, which needs to be performed with or by the tool. Tool integration is the ability of tools to cooperate with other tools by exchaning data or sharing a common user interface. Tools are available for some of the above metioned key areas. Tool integration is based on point-to-point coalitions between tools. Point-to-point coalitions are often used in small and ad-hoc environments but have problems when it comes to more tools and larger environments (no scalability).
Tools
ARIS
The ARIS Business Architect (ABA) is proprietary software from Software AG. On top of the base installation of the ARIS Business Architect, the RASEN methodology can be added by importing the RASEN artefacts including the base package, consisting of the reports, the definition of necessary modeling elements, the macro, a preliminary set of already defined CWEs, and a predefined set of generic component types previously generated.
Usage guide: http://www.rasenproject.eu/downloads/840/
Download: Available on request
Certifyit
Smartesting CertifyIt is a tool suite that automatically generates test cases based on a model of system requirements. Manual test design is labor intensive and error prone; this manual work can be avoided for complex applications by modeling the key concepts (abstraction) and allowing Smartesting CertifyIt to automate your test design work. Since the model is more expressive and simpler than the systemunder-test, it can more readily be reviewed for correctness and coherency, as well as be updated more easily. Some plugins have been developed during RASEN project for the deployment of the RASEN approach in order to assess its accuracy and precision regarding risk-based objectives. Smartesting CertifyIt including these plugins supports UML/OCL models as the specification modeling language, and generates test cases to cover security test patterns used as test objectives.
Usage guide: http://www.rasenproject.eu/downloads/838/
Download: Available on request
CORAS
The CORAS tool is an open source diagram editor that supports the CORAS risk analysis language. The CORAS language is a graphical language whose constructs correspond to notions that are relevant during a risk analysis, e.g. threats, vulnerabilities, risks, unwanted incidents, threat scenarios and assets. The CORAS tool is intended to be used intensively during workshops where information is gathered through structured brainstorming. The tool is also intended to be used to document a risk analysis and to present the risk analysis results. The CORAS tool is designed to support on-the-fly modeling using all five kinds of basic CORAS diagrams, thus facilitating the entire CORAS risk analysis process.
Usage guide: http://www.rasenproject.eu/downloads/834/
Download: http://coras.sourceforge.net
Fuzzino
Fuzzino is a library that provides generation of test data for fuzz testing. With fuzzing, you are able to find security-related weaknesses in your code. It’s about injecting invalid or unexpected input data to a system under test. That way, security-relevant vulnerabilities may be detected when the system under test processes such data instead of rejecting it. You can integrate Fuzzino into your testing tool in order to enable it for fuzz testing. Please keep in mind that Fuzzino is not a full-featured fuzzing tool. It is a test data generator for enabling your testing tool to perform fuzzing.
Download: https://github.com/fraunhoferfokus/Fuzzino
18 Nov 2015 / rasen_adm / Comments Off
Artefacts supporting quantitative risk assessment Artefacts supporting integrated tool support