Cybersecurity Manager

Testing aspects of cybersecurity

The Unit addresses the different test levels and test methods to be applied in cybersecurity development.
- The trainee knows of testing aspects of cybersecurity
- The trainee knows of different testing types and methods for cybersecurity
- The trainee knows test methods proposed by automotive norms


Cybersecurity verification at SW level:

This element covers what SW testing requires in order to cover the cybersecurity-relevant SW requirements.

CYBERENG.U4.E1.PC1
General: The trainee knows about the test methods proposed by the automotive norms and guidebooks (e.g. ISO/SAE 21434, SAE J3061, UNECE regulations, and other available knowledge sources such as the OWASP project).
CYBERENG.U4.E1.PC2
SW unit test related: The trainee knows about the MISRA check using the extension for cybersecurity.
CYBERENG.U4.E1.PC3
SW unit verification related: The trainee knows about cybersecure relevant criteria to be applied informal code reviews (using the available libraries, knowledge databases like OWASP and guidelines).
CYBERENG.U4.E1.PC4
SW integration test-related: The trainee knows the cybersecure critical software data and develops test cases to attack the data and assure that the preventive mechanisms are working.
CYBERENG.U4.E1.PC5
SW integration test-related: The trainee knows about the configuration of a secure communication stack and checks the configuration.
CYBERENG.U4.E1.PC6
SW integration test-related: The trainee knows the criticality of the communication between the main controller OS and the firmware in the HSM and extra test cases to verify their sufficient integration.
CYBERENG.U4.E1.PC7
SW function test-related: The trainee knows the significance of cybersecurity-critical software functions and develops test cases to attack the software function (e.g. calling it with an unauthorised session ID) and assure that the preventive mechanisms are working.
CYBERENG.U4.E1.PC8
SW function test-related: The trainee knows how to test different diagnostic services requested by the cybersecurity protocols and their impact on cybersecurity.
CYBERENG.U4.E1.PC9
SW penetration test-related (integration and functional test in SW): The trainee knows the concept of penetration testing and how to involve such external penetration testing (hacker) teams.
CYBERENG.U4.E1.PC10
Traceability: The trainee knows how to link cybersecurity critical SW requirements to test cases and test results.