Presentation: Security Testing
We provide a brief introduction to the topic of security testing with focus on automotive products, followed by some specific security topics with the corresponding test methods that can be used to prevent them. We also discuss security testing over the lifecycle of a product, with the implications of these non-functional security requirements on the project as a whole. We put SW security in the wider context, including side channel attacks, HW vulnerabilities and social engineering. Specific examples will be used as illustration.
As a detailed example, we talk about fuzzing, which is considered as one of the most powerful automated software testing methods when we talk about black-box testing. Despite the fact that plenty of toolkits are available in the industry, it is very hard to adapt them to unique needs, for example to Automotive Electronic Control Unit testing. In our project we created a protocol and target device independent fuzzing toolkit, with which comprehensive test services can be provided in a reusable manner.