Security testing approaches in industry and standardization

Security and model-based testing are no new topics but still under development and of high interest. In particular, their combination is still a challenge for academic work and industrial applications. Systematic and automated security testing include e.g. security functional testing, Model-based fuzzing, Risk-oriented testing and the usage of security test pattern. National and international standardization committees provide significant efforts by their working groups in the context of security testing. They cover fundamental frameworks but also detailed test specifications for concrete technologies. The range of activities is very large and includes classical concepts from security evaluation using common criteria (CCRA) but also European activities from ETSI addressing TVRA. The cont ribution gives an overview about important standardization taxonomies and activities as well as sample innovative industrial case studies, including tools and techniques that have been selected in the European ITEA project DIAMONDS.