Cybersecurity and Penetration Testing for Medical Systems
In this article we show how an enhanced TARA-based grey-box PenTest (GBPT) needs less test cases while being more effective in terms of coverage while indicating less false positives. With its integration to test-oriented requirements engineering (TORE), it supports a true triple peak method, connecting requirements elicitation, analysis and test strategy. A side effect of GBPT is its minimum viable test set which eases regression testing in agile development and redeliveries, while still being FDA compliant. This article introduces to the GBPT method and applies it to a real-world insulin pump, thus showing its handling and benefits. KPIs are introduced to show efficiency and effectiveness of GBPT.