Development of a Penetration Test Concept in the development of a telemetry module

• A TIER1 supplier develops a telemetry module for an OEM. The field of application in the target system requires a high level of system security. Therefore, Penetration Testing has to be integrated into the development processes.​​

The project consisted of 3 phases​:

• In phase 1 analysis, the requirements are analyzed​
• In phase 2 a risk assessment was executed
• In the last phase penetration test concept was formulated​

• Identified security requirements (client, internal, project specific) with respective test level (internal/external) and verification criteria​
• Security Risks evaluated with an attack tree-based approach
  • Identification all relevant Assets​
  • Identification of project relevant security goals​
  • Identification of project relevant security objectives​
  • Generation of all threats​
  • Evaluation of all threats or vulnerabilities (building the attack tree)​
• Analyze of the system under test regarding the implementation of test cases, Assessment of tools required for test cases implementation​​​