Testing security mechanisms

Basics of security testing


The challenge

Security in modern IT systems can be established through a variety of mechanisms. The most common ones include firewalls, malware scanners, authorisation, and authentication. Depending on the nature of the respective system, suitable mechanisms are implemented, and their effectiveness must be tested.


The solution

Testing must be carried out to ensure the effectiveness of the security mechanisms used.

The course teaches test methods and concepts for testing common security mechanisms. It imparts basic conceptual and technical knowledge, illustrated by means of concrete examples. In this way, the participants can try out the test methods of the security mechanisms during an attack on an IT system. In the process, characteristic vulnerabilities are exploited, and at the same time methods are taught to identify and close them.


Your advantages at a glance


After the seminar you will be able to

Implement security mechanisms and apply testing methods for common security mechanisms.


This seminar offers you

  • A systematic introduction to testing security mechanisms
  • Learning from practical examples
  • An opportunity to try out your new knowledge in a simulated scenario.
Type of event
Online or in person
Certificate of attendance
Access requirements
Basics of software testing (e.g. ISTQB Certified Tester Foundation Level)
Dates, registration deadline and location
  • In-house seminar (by arrangement)
1 day (6 hours)
Event location
Fraunhofer FOKUS, Kaiserin-Augusta-Allee 31, 10589 Berlin or other locations
  • Developers
  • System administrators
  • Test developers
  • System hardening
  • Authentication and authorisation
  • Encryption
  • Firewalls
  • Attack detection
  • Malware scan
  • Data masking

After the course, participants will be able to understand, implement and test appropriate security mechanisms depending on the system. This includes:

  • Understanding the concept of system hardening as well as how to test the hardening of Linux systems using OpenSCAP.
  • Understanding the relationship between authentication and authorisation and being able to implement appropriate mechanisms.
  • Cracking passwords using hashcat.
  • Understanding encryption using HTTPS communication, recording and decrypting the browser's HTTPS communication.
  • Understanding the concept and application of firewalls in securing information systems and testing them using port scans.
  • Understanding the principle of attack detection tools and learning how to use them on a Linux system.
  • Analysing and testing potentials and limits of malware scanners.
  • Detecting and eliminating data masking.

Dorian Knoblauch

Dorian Knoblauch is a research associate in the Critical Systems Engineering group in the SQC business unit of the Fraunhofer Institute FOKUS. He is an expert in security testing and test automation.


Jürgen Großmann

Jürgen Großmann is team leader of the Critical Systems Engineering group in the SQC business unit of the Fraunhofer Institute FOKUS. He is an expert in quality assurance, risk analysis and IT security testing in the field of critical, networked software systems in the automotive industry and the financial sector.