Evaluation of the CORAL Approach for Risk-Driven Security Testing Based on an Industrial Case Study

Abstract

The CORAL approach is a model-based approach to security testing that uses risk assessment to help security testers select and design test cases based on the available risk picture. In this report, we present experiences from using CORAL in an industrial case. The results indicate that CORAL supports security testers in producing risk models that are valid and threat scenarios that are directly testable. This, in turn, helps testers select and design test cases according to the most severe security risks posed to the system under test.
Client: Norwegian Research Council

Category

Report

Client

  • SINTEF AS / 102002253

Language

English

Author(s)

Affiliation

  • SINTEF Digital / Sustainable Communication Technologies
  • Various Norwegian companies and organisations

Year

2015

Publisher

SINTEF

Issue

A27097

ISBN

9788214059076
