Towards a Systematic Identification of Security Tests Based on Security Risk Analysis

Today's security testing is not systematic much less standardized. In particular, there are no clearly dened criteria for selecting relevant tests. Thus dierent analysts come to dierent results and sound quality assurance is hardly possible. Literature suggests basing the choice and prioritization of tests on risk considerations but lacks a systematic approach for a traceable transition from abstract and business-oriented risk analysis into the concrete and technical security testing world. We aim at bridging this gap in two steps: The rst one bridges between high-level and non-technical usiness worst case scenarios" and less abstract echnical threat scenarios" using a technical description of the system and a systematic STRIDE-based elicitation approach. The second is a rule-based step that maps technical thread scenario to est types", that is, to classes of tests that need to be adapted to the particular system under validation. Our method provides traceability for the choice for security tests and a standardized minimum quality assurance level.