(Softwaretechnik-Trends, Volume 34, Issue 3, 2014) Berger, Michael
Many approaches have been developed for the efficient identification and estimation of security risks. One major challenge is prioritizing the test cases related to the identified risks. The effort and cost of security testing can be high, and the budget is limited. The challenge is to strike an appropriate balance between test effort and potential harm to the system. Based on the results of security testing, countermeasures can be implemented to achieve a proper security level for a system. In the RASEN project, one goal is to develop risk-based security testing methods and tools as well as a methodology for risk-based security testing.