Secure Software Engineering in the Automotive Development Process

The challenge: it is difficult to make software secure once is has been programmed

Systems and applications are becoming more and more complex, and more interconnected. This expands the areas in which the systems are susceptible to attacks.Whether it's PC applications, smartphone applications, or devices as part of the Internet of Things, the development of secure software systems will become more and more important for you when looking to increase resistance to attacks. New threats must be handled appropriately at all stages of the development process.

The solution: take into account essential best practices during all stages of software development

The goal of this basic training course is to provide participants with the knowledge and the ability to assess current procedure models, methods and tools that can be used for the systematic development of secure software throughout its entire life cycle. This includes looking at security requirements and learning how to carry out threat analyses. The course also investigates the secure implementation of the software, along with testing of software for security weaknesses.The knowledge obtained from the course is then put to the test in practical workshops. An overview of the research currently done in this field is also provided.

How you can benefit: at a glance

After the seminar, you will be able to...

... take security into account at all stages of software development.
... assess and protect against important threats for secure software.
... avoid, track and eliminate significant security vulnerabilities in software.


This seminar will provide you with...

... a comprehensive overview of the procedure for designing and implementing secure software.
... workshops in which you can try out the development of secure software using sample projects.
... interaction with experts and colleagues..

Information Overview

Duration 2 days in class
Learning objectives – Knowing and assessing important current procedure models, methods and tools for the systematic development of secure software throughout its entire life cycle
– Implementing fundamental design tasks for developing secure software
– Avoiding, discovering and eliminating central implementation errors
Target group – Software architects and engineers
– Experts and technical (project) managers in development projects
Requirements Basic knowledge of software engineering: software development processes, requirement analysis, programming in Java or C, software testing
Organized by Fraunhofer AISEC
Cost € 1.200

Download our flyer for more information.

– Procedure models, maturity models and standards for the development of secure software
– Risk and requirement analysis
– Workshop requirements: Structural analysis with DFD, threat analysis with STRIDE, risk modeling, specification of requirements
– Secure design: Principles and design patterns
– Secure implementation: Points of attack in the automotive field
– Typical vulnerabilities in implementation and countermeasures
– Implementation workshop: Finding and avoiding programming errors
– Testing protection concepts

Felix Schärtl

Felix Schärtl has been a research associate at Fraunhofer AISEC since June 2020. He studied mathematics at the Ostbayerische Technische Hochschule Regensburg (OTH-Regensburg). He graduated with a Bachelor of Science degree in 2017. He completed the subsequent master's degree in mathematics in 2020, also at OTH-Regensburg. Mr. Schärtl finished the master's degree with the academic degree Master of Science with a focus on cryptography.

Tilo Fischer

Tilo Fischer has been a research associate at Fraunhofer AISEC since 2016. There, he works as a project collaborator in the topic area of secure sensor systems. Previously, he studied Applied Computer Science (Bachelor of Engineering) and Engineering Sciences with a focus on cryptoanalysis (Master of Applied Research) at the Ostbayerische Technische Hochschule Amberg-Weiden (OTH AW). Tilo Fischer gained additional industry experience as a security officer at Deutsche Systemhaus GmbH from 2014 to 2016.