Test Prioritization in Security Risk Testing

Academic year: 2021


(1)

Test Prioritization in Security Risk Testing

36. GI-TAV, 26.–27. June, Leipzig, Germany

Michael Berger,

(2)

(3)

IT security risk definition

The potential that a threat will exploit a vulnerability of an asset or group of assets and thereby cause harm to the organization. (Source: ISO 27000)

(4)

Risk assessment (ISO 31000 / 2009)

Risk identification: identifying sources of risk, areas of impact, events, their causes and their potential consequences.

Risk analysis: comprehending the nature of risk and determining the level of risk.

Risk evaluation: comparing the results of risk estimation with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable.

Risk treatment: modifying risk by avoidance or mitigation.

(5)

Dynamic test process (DRAFT ISO 29119-2)

Test planning: determining the test strategy and planning resources.

Test design: deriving the test cases and test procedures.

Test implementation: realizing the executable test scripts.

Test execution: running the test procedures resulting from the test design and implementation phases.

Test reporting: managing the test incidents and the test results.

(6)

Optimizing security testing activities

Security testing: test planning, test design, test implementation, test execution, test reporting

Input from security risk assessment:

• Risk-based security test identification

• Risk-based security test selection & prioritisation

(7)

Optimizing security risk assessment

Security risk assessment: establishing context, risk identification, risk analysis, risk evaluation, risk treatment

Input from security testing:

• Test-based risk identification (identifying new risk factors)

• Test-based reassessment of risk values (e.g. probabilities)

(8)

Risk-based security testing goals

Providing arguments by experiments

Phases: risk assessment, test planning & test design, test execution, test reporting

• Provide arguments for the absence of potential vulnerabilities.

• Provide arguments for the functional correctness of treatment scenarios and countermeasures.

• Discover unknown risk factors (i.e. vulnerabilities).

(9)

(10)

Model-based security risk assessment

The CORAS approach

Source: http://coras.sourceforge.net/

• Developed by the Scandinavian research organisation SINTEF

• CORAS consists of:

  • a method for risk analysis

  • a language for risk modeling

  • a tool for editing diagrams

(11)

Model-based security risk assessment

The CORAS approach

Elements of the CORAS risk modeling language: threat (agent), threat scenario, treatment scenario, vulnerability, unwanted incident, consequence

(12)

Risk evaluation

Risk = rv (Likelihood, Consequence)

(13)

Model-based security risk assessment

CORAS example (HBGary hack)

(14)

(15)

Risk-based security testing

Qualitative approach: risk-based test identification

What should be tested?

Starting point:

• Vulnerabilities

• Threat scenarios

• Treatment scenarios

Quantitative approach: risk-based test selection & prioritisation

How much, and how intensively, should be tested?

Starting point:

• Test objective specification

• Test scenario specification

(16)

Risk-based security test identification

Security Test Pattern

A security test pattern consists of:

• Mandatory attributes, i.e. id and name

• Parameters for test assessment

• Descriptions and procedures for manual testing

• Parameters for automated testing (stimulation and observation)

(17)

Risk-based security test identification

Decomposing the overall scenario

(Figure: the overall threat scenario decomposed into a test pattern; only the labels below survive.)

TP: Detection of vulnerability to data structure attacks

Stimulus: perform different kinds of SQL injections

Observation:

(18)

Security test prioritization

Calculating overall risk contribution of items

(Figure: test patterns attached to the risk model; only the pattern names and the rating label "high" survive.)

TP: Detection of vulnerability to data structure attacks

TP: Cryptographic strength tests

TP: Software configuration and update checks

(19)

Security test prioritization

Calculating overall risk contribution of items

Risk: the potential that a threat will exploit a vulnerability of an asset or group of assets and thereby cause harm to the organization. (Source: ISO 27000)

Testing aims to find an argument for the absence of potential vulnerabilities.

• Calculate and rate the risks (probability of unwanted incidents * consequence).

• Identify the vulnerabilities with the highest impact on the most critical risks.

Additional issues to be considered:

• Impact of the vulnerability on the success probability of the threat scenario

• Effort needed to sufficiently test for a vulnerability

• Quality of tests and test coverage

(Figure: risk diagram for "TP: Detection of vulnerability to data structure attacks"; only the values 0.5 and 0.9 survive.)
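The prioritisation recipe of slides (12) and (19), carried through as an added example (this is not code from the slides, from Fraunhofer FOKUS or from the CORAS project): each risk is rated as probability * consequence, each vulnerability's contribution is the sum of the risk values it affects weighted by its impact on the corresponding threat scenario's success probability, and test patterns are then scored by that contribution times expected coverage divided by test effort. The risks, vulnerabilities, impact weights, effort and coverage figures, and the final scoring formula are all constructed assumptions for illustration.

```python
"""Risk-based security test prioritisation (added example).

Steps, following the slides:
  1. rate each risk as probability of the unwanted incident * consequence
  2. compute each vulnerability's contribution to the most critical risks
  3. score test patterns by that contribution, weighted by expected test
     coverage/quality and divided by the effort needed to test sufficiently.
All risks, vulnerabilities, weights and effort figures below are constructed
sample data, not from the slides.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Risk:
    """An unwanted incident with its likelihood and consequence."""
    name: str
    probability: float  # likelihood of the unwanted incident, 0..1
    consequence: float  # consequence rating, e.g. 1 (minor) .. 5 (catastrophic)

    def value(self) -> float:
        # Risk = rv(Likelihood, Consequence); rv is taken as a plain product,
        # as on the slide "probability of unwanted incidents * consequence".
        return self.probability * self.consequence


@dataclass(frozen=True)
class Vulnerability:
    """A vulnerability and, per risk, its impact on the success probability
    of the threat scenario that leads to that risk (0..1)."""
    name: str
    impact: Dict[str, float]


@dataclass(frozen=True)
class TestPattern:
    """A security test pattern addressing one vulnerability."""
    name: str
    vulnerability: str
    effort: float    # person-days needed to test sufficiently (assumed unit)
    coverage: float  # expected test quality / coverage, 0..1


def risk_contribution(vuln: Vulnerability, risks: List[Risk]) -> float:
    """Sum of the values of the risks this vulnerability affects, each weighted
    by the vulnerability's impact on the corresponding threat scenario."""
    by_name = {r.name: r for r in risks}
    return sum(by_name[rn].value() * weight for rn, weight in vuln.impact.items())


def rank_vulnerabilities(vulns: List[Vulnerability],
                         risks: List[Risk]) -> List[Tuple[str, float]]:
    """Step 2: vulnerabilities ordered by their overall risk contribution."""
    ranked = [(v.name, round(risk_contribution(v, risks), 4)) for v in vulns]
    return sorted(ranked, key=lambda item: item[1], reverse=True)


def prioritise_tests(patterns: List[TestPattern], vulns: List[Vulnerability],
                     risks: List[Risk]) -> List[Tuple[str, float]]:
    """Step 3: test patterns ordered by risk addressed per unit of effort,
    scaled by expected coverage (this scoring formula is an assumption)."""
    vuln_by_name = {v.name: v for v in vulns}
    scored = []
    for tp in patterns:
        contribution = risk_contribution(vuln_by_name[tp.vulnerability], risks)
        score = contribution * tp.coverage / tp.effort
        scored.append((tp.name, round(score, 4)))
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Constructed sample risk model (not from the slides).
RISKS = [
    Risk("Customer data disclosed", probability=0.4, consequence=5),  # value 2.0
    Risk("Website defaced", probability=0.6, consequence=2),          # value 1.2
    Risk("Service unavailable", probability=0.3, consequence=3),      # value 0.9
]
VULNS = [
    Vulnerability("SQL injection in login form",
                  {"Customer data disclosed": 0.9, "Website defaced": 0.5}),
    Vulnerability("Weak TLS cipher suites", {"Customer data disclosed": 0.3}),
    Vulnerability("Outdated CMS plug-in",
                  {"Website defaced": 0.8, "Service unavailable": 0.6}),
]
PATTERNS = [
    TestPattern("TP: Detection of vulnerability to data structure attacks",
                "SQL injection in login form", effort=3.0, coverage=0.8),
    TestPattern("TP: Cryptographic strength tests",
                "Weak TLS cipher suites", effort=1.0, coverage=0.9),
    TestPattern("TP: Software configuration and update checks",
                "Outdated CMS plug-in", effort=0.5, coverage=0.7),
]

if __name__ == "__main__":
    for name, contribution in rank_vulnerabilities(VULNS, RISKS):
        print(f"{contribution:5.2f}  {name}")
    print()
    for name, score in prioritise_tests(PATTERNS, VULNS, RISKS):
        print(f"{score:5.2f}  {name}")
```

With this sample data the pure risk ranking puts the SQL injection first (contribution 2.4), but once the slide's "additional issues" (test effort and expected coverage) are weighed in, the cheap configuration and update check scores highest (2.1 against 0.64 for the data structure attack pattern), which is exactly why the slide lists those factors separately from the risk values.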
(20)

Fraunhofer Institute for Open Communication Systems FOKUS
Kaiserin-Augusta-Allee 31, 10589 Berlin, Germany
Tel. +49 (30) 34 63 -7000, Fax +49 (30) 34 63 -8000
www.fokus.fraunhofer.de

Contact

Innovation Center for Cost-Effective Systems Quality
http://s.fhg.de/sqc

Prof. Dr.-Ing. Ina Schieferdecker, Tel. +49 (30) 3463-7241

Jürgen Großmann, Tel. +49 (30) 3463-7390
