Training Automotive Security Testing
If you don't actively attack risks, they will actively attack you. Security is never comprehensive but can be vastly improved with risk-oriented testing. This implies an optimized mix of test strategies and suitable tools. Risk-oriented security with dedicated test methods and appropriate tools is the call of the day. Security test must start with static code analysis, proceed with unit test and further advance with dedicated methods such as fuzzing and robustness tests up to the level of penetration testing (Pen-Test). This workshop will briefly introduce to risk-oriented security engineering and then dive into appropriate test methods and tools.
Like all verification and validation methods, cybersecurity testing needs experience to select the best methods, determine test end criteria and a lean yet effective regression strategy capable for continuous integration and deliveries. Often we see companies that test components and their interfaces, while overlooking security threats in networking and services. For that matter we have enriched the training with hands-on experiences from our security consulting projects. Participants are invited to actively engage with their questions.
Additional bonus: Attendees receive our current white papers on cybersecurity as PDF.
Customer Reference
"Outstanding level of expertise in cybersecurity."
- Michael Prantke, Panasonic
Workshop Agenda
Motivation: connectivity and cyberattacks, , terminology and standards
- Need for automotive cybersecurity, common attacks and vulnerabilities
- Overview and terminologies used in ISO 21434 - road vehicles cybersecurity standard
Risk-oriented cybersecurity engineering
- System engineering principles for security testing
- Threat analysis and risk assessment method: Security analysis technique as per ISO 21434
Security testing methods
- Secure coding, code quality analysis
- Fuzz testing techniques: Signal fuzz testing and frame fuzz testing
- Penetration testing methodology: 10-step grey-box penetration test with case study
Security testing in practice
- Software, hardware tools and test setup for security testing
- Prerequisites for fuzzing and penetration testing
- Demo: Live fuzzing on ECU Simulator
Discussion and resources
For training plan, prices and registration, please visit :
Discussion Groups
Topics include:
- Cost versus benefit: How to optimize security testing along the life-cycle
- Making penetration test effective: From black box to grey box
- Which tools and methods for which purpose
- Future Outlook, Discussion and Conclusion
Inhouse Formats
Do you want to adapt this training to your own examples and challenges? Looking for a workout that delivers practical exercises adjusted to your environment? Then, we suggest that you have this training conducted in-house, where you can decide on focus, speed and the training schedule. We also offer dedicated crash courses for employees and management.
Language: German or English.
On request, we offer our inhouse trainings in Chinese, French, Korean and Turkish.
Target Audience
Engineers in product development, system and software engineers, security and safety engineers and managers, architects, engineering managers, project managers, purchasing, quality managers.
Knowhow
How may we help you?
Wang Zhen | Senior Consultant
Vector Automotive Technology (Shanghai) Co., Ltd.
27F, Sunyoung Center
No. 398 Jiangsu Road, Changning District
Shanghai 200050
P.R. China
Tel.: +86 21 - 2285 8020
E-Mail: Zhen.Wang(at)vector.com