This chapter explores practical security testing approaches in more detail, based on the approaches briefly described in Section 4.2.3. Applying static code analysis tools and software composition tools, described in more detail in Chapters 5 and 6, respectively, during the software development phase helps to identify and reduce vulnerabilities in the software code early; however, there may be some weaknesses and vulnerabilities that these tools are not able to detect and therefore the next step in the product development typically involves security testing.

Functional testing in the automotive industry has been around for years, whereas security testing in the automotive industry is still in its infancy. Although, lately, there is more focus on security testing as part of the development process, there are many different approaches for embedded security evaluations, including theoretical security analyses, practical security testing, and verifiable security verification, as shown in Figure 7.1 [1].

This chapter first gives a brief introduction to the different types of embedded security evaluation approaches and discusses the respective advantages and disadvantages. It is a generally accepted ...