Thursday 10 September 2015

Communication robustness testing tool for cybersecurity standard.

The beSTORM® software security testing tool from Beyond Security has been formally recognized for official use by certification bodies in the ISASecure® industrial automation and control system (IACS) cybersecurity certification program.

Communication Robustness Testing (CRT) is one of four dimensions of embedded device certification. CRT tools are also used for network stress testing during system level certifications. With this recognition, Beyond Security joins the growing list of cybersecurity organizations supporting the ISASecure certification scheme.

beSTORM is a commercial, black box, intelligent fuzzer that performs dynamic security testing of products in development and can be used by network administrators to certify the security of networked applications before deployment. Software QA departments that may be using a dozen different tools to test application security can now get all dynamic security testing done with just one. Administrators who must certify applications before deployment can now use a single tool to test all networked applications—even those with proprietary protocols.

The ISA Security Compliance Institute (ISCI) publishes CRT test tool recognition requirements for evaluating CRT test tools submitted by suppliers for use in the ISASecure certification program. CRT test tools that have been formally recognized by ISCI may be used by ISASecure certification bodies for use in the CRT portion of the ISASecure EDSA and ISASecure SSA certifications.

The ISASecure® tool recognition process confirms that the product’s test suites meet the ISASecure CRT requirements and are capable of consistently executing ISASecure certification tests.

ISCI recomends that suppliers use ISCI-recognized CRT test tools during the product development and testing phases to identify and correct network-based security vulnerabilities. Using recognized CRT tools during the development process also aids suppliers in preparing for the formal ISASecure EDSA certification assessment.

No comments:

Post a Comment