Under CopyrightMeer, J. deJ. deMeerRennoch, A.A.Rennoch2022-03-118.9.20112011https://publica.fraunhofer.de/handle/publica/37190210.24406/publica-fhg-371902ETSI has provided a practical Evaluation Methodology, called the TVRA Methodology, with respect to three kinds of system: Threats, Vulnerabilities and Risks (TVR) of a system to be analyzed (thus being identified) by executing seven (basic version 2009) respectively 10 steps (advanced version 2010) according to recent ETSI TS 102 165-1 V4.2.x (2010) TISPAN specification. ETSI's Evaluation Philosophy behind the TVR-Analysis Methodology is that any security-sensitive system or module must be evaluated and tested against the security perimeter by which a module fortifies her assets. An example of fortification is the so-called Cryptographic Module according the specification of the NIST standard FIPS PUB 140-2. By this contribution we demonstrate ETSI's TVRA security evaluation approach by applying model-based testing techniques and, where appropriate - implementations by applying TTCN-3 notation to systems being subject of vulnerabilities and threats in a hostile environment.ensecuritytestingTVRATTCN-3004presentation