Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Crown Copyright (2000) Module 2.3 Functional Testing.

Published byJeremiah Rollins Modified over 10 years ago

Similar presentations

Presentation on theme: "© Crown Copyright (2000) Module 2.3 Functional Testing."— Presentation transcript:

1 © Crown Copyright (2000) Module 2.3 Functional Testing

2 You Are Here M2.1 Security Requirements M2.2 Development Representations M2.3 Functional Testing M2.4 Development Environment M2.5 Operational Environment M2.6 Vulnerability Analysis M2.7 Penetration Testing M2.8 Assurance Maintenance/Composition MODULE 2 - ASSURANCE

3 Introduction What is Functional Testing ? –Why do we do it ? Developer testing –coverage and depth Evaluator testing –corroboration of developer testing –additional testing

4 What is Functional Testing ? Testing the Security Functions Confidence in design and refinement Proving the developers tests To collect ideas for Penetration Testing

5 Developers Test Evidence Test Plans and Specifications Test Programs Expected and Actual results

6 Test Coverage and Depth Covering the security functions Demonstrate that the TOE operates in accordance with the design Levels of testing and demonstration of coverage –direct –indirect

7 Different types of testing Repeating developers tests –sampling of tests Additional tests to ensure security functionality fully covered using different –interfaces –inputs –configuration parameters

8 ITSEC Requirements

9 CC Requirements

10 Typical Functional Test Form

11 Evaluation Reporting Record and justify sampling strategy Justify strategy for additional testing Record results of tests and conclusions Provide test configuration details

12 Summary Confidence that the security functions behave as specified –coverage and depth –corroboration of developer tests –additional tests Understanding before Penetration testing

13 Further Reading ITSEC evaluation UK SP 05 Part III, Chapter 7 CC evaluation CC Part 3, Sections 2.6.6 and 13 CEM Part 2, Chapters 5-8 (ATE sections)

14 Exercise - 1 Only an administrator with the appropriate authorisation shall be able to: create new user accounts delete, disable or enable existing user accounts. Identify test cases to provide adequate coverage of the above security function

15 Exercise - 2 Identify test cases to cover all statements all branches AB C TRUEFALSE y z TRUE

Download ppt "© Crown Copyright (2000) Module 2.3 Functional Testing."

Similar presentations

© Crown Copyright (2000) Module 2.6 Vulnerability Analysis.

© Crown Copyright (2000) Module 2.6 Vulnerability Analysis.
© Crown Copyright (2000) Module 2.4 Development Environment.

© Crown Copyright (2000) Module 2.4 Development Environment.
© Crown Copyright (2000) Module 3.1 Evaluation Process.

© Crown Copyright (2000) Module 3.1 Evaluation Process.
Security Requirements

Security Requirements
© Crown Copyright (2000) Module 2.0 Introduction to Module 2.

© Crown Copyright (2000) Module 2.0 Introduction to Module 2.
© Crown Copyright (2000) Module 2.5 Operational Environment.

© Crown Copyright (2000) Module 2.5 Operational Environment.
Module 1 Evaluation Overview © Crown Copyright (2000)

Module 1 Evaluation Overview © Crown Copyright (2000)
© Crown Copyright (2000) Module 3.2 Evaluation Management.

© Crown Copyright (2000) Module 3.2 Evaluation Management.
© Crown Copyright (2000) Module 2.7 Penetration Testing.

© Crown Copyright (2000) Module 2.7 Penetration Testing.
© Crown Copyright (2000) Module 2.2 Development Representations.

© Crown Copyright (2000) Module 2.2 Development Representations.
SADC Course in Statistics Introduction to Statistical Inference (Session 03)

SADC Course in Statistics Introduction to Statistical Inference (Session 03)
Software Quality Assurance Plan

Software Quality Assurance Plan
Chapter 12 Prototyping and Testing Design of Biomedical Devices and Systems By Paul H. King Richard C. Fries.

Chapter 12 Prototyping and Testing Design of Biomedical Devices and Systems By Paul H. King Richard C. Fries.
ISO 9001:2000 Documentation Requirements

ISO 9001:2000 Documentation Requirements
Software Quality Assurance Plan

Software Quality Assurance Plan
1 norshahnizakamalbashah-19112007- CEM v3.1: Chapter 10 Security Target Evaluation.

1 norshahnizakamalbashah CEM v3.1: Chapter 10 Security Target Evaluation.
The Open Source Security Myth — And How to Make it A Reality Michael Davis Dynamic Security Concepts, Incorporated Track 3, 1300 Sunday, 1 August 2004.

The Open Source Security Myth — And How to Make it A Reality Michael Davis Dynamic Security Concepts, Incorporated Track 3, 1300 Sunday, 1 August 2004.
1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.

1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
1 These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 5/e and are provided with permission by.

1 These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 5/e and are provided with permission by.

Similar presentations

Ads by Google