Cybersecurity Best Practice – From TARA to PenTest
TTS
Lecture by Dr. Christof Ebert, Vector Consulting, at the 3rd Vector Automotive Cybersecurity Symposium on April 3, 2019 in Stuttgart, Germany
Information about the event and download of the lectures: https://www.vector.com/vses2019
Cybersecurity must be implemented in a risk-oriented manner in order to demonstrably mitigate the liability risk. Christof Ebert introduces risk-based security engineering for the entire life cycle. He also presents security-by-design and security over the entire life cycle - e.g. through the use of hardware security modules (HSM). The combination of safety and security shows, using AUTOSAR as an example, how the learning curve can be mastered efficiently.
Dr. Ebert explains that the classic coverage test is no longer sufficient and that the procedure of hackers should be taken into account during testing. Negative requirements help for early securing and to prepare the later grey-box Penetration Test. To increase software quality, he presents the Vector SecurityCheck with the COMPASS tool, which is used for threat and risk analysis (TARA) and continuous documentation. This is followed by the presentation of a case study in which Vector carried out Grey-Box pen testing on a gateway ECU.
The Cybersecurity portfolio of Vector Consulting Services https://consulting.vector.com/vc_security_en.html
An overview on all Security products from Vector: https://www.vector.com/security/
source
Gloss