This course provides an introductory look at what security testing is, its purpose, the two main types of security testing, and the key differences between these types.

By the end of this course, you will be able to:

• Understand the concept of security testing and the security testing types
• Associate testing techniques to security testing activities
• Identify the main responsible for such activities and in which phase of the PLC the security testing activities take place

This module introduces the common software weaknesses and mitigation strategies with the top 10 secure coding practices. Learn how flaws get into code and how these can be avoided whilst incorporating secure coding into your day-to-day work.

By the end of this course, you will be able to:

• Be aware of how easy it is for flaws to be introduced into code
• consciously avoid weaknesses whilst incorporating secure coding

This module will provide an understanding of the security challenges associated with software (SW) and firmware (FW) updates in automotive, identify security practices and building blocks to address these challenges and support software developers in implementing and delivering secure software updates.

By the end of this course, you will be able to:

• Understand the importance of SW/FW updates
• How the updates are caried out
• Identify the mains security challenges associated with SW updates
• Protect a system against some security attacks by ensuring authenticity and integrity of SW

This training provides an overview of the threat analysis and risk assessment (TARA) methodology in terms of context establishment, security and privacy threat analysis, risk assessment and risk treatment.

By the end of this course, you will be able to:

• Perform a systematic security and privacy analysis of systems, software and products
• Follow the Threat Analysis, Risk Assessment and Risk Treatment methodology developed by the Security and Privacy Competence Center (SCC)

This training introduces the security risk analysis process and provides insights in modelling a system with data flow diagrams, attack trees and STRIDE threat analysis techniques as well as ISO 27005 risk treatment strategies.

By the end of this course, you will be able to:

• Identify, estimate and prioritize potential security risks
• Describe how a system is protected
• Model the system using data flow diagrams
• Analyze threats with two threat modelling techniques
• Recognize the benefits of security risk analysis

This training provides an overview and creates awareness on privacy and data protection in automotive using Continental as an illustrative example.

By the end of this course, you will be able to:

• Define data protection and privacy
• Identify the key principles of ‘privacy related data’ in the GDPR
• Summarize the technical and organizational measures to ensure the privacy of end-user’s data
• Analyze the chain of accountability for personal data

This training provides a common understanding about secure boot to ensure the authenticity and integrity of software before its execution.

By the end of this course, you will be able to:

• Define what secure boot is
• Summarize why and when it is necessary to implement
• Different secure boot schemes
• Identify the cryptographic building blocks supporting the implementation of secure boot and their requirements

This training provides an overview of different types of secure hardware components, their role as trust anchors and their main features.

By the end of this course, you will be able to:

• Understand the purpose and use of secure hardware components
• Recognize three types – SHE, HSM and TPM
• Distinguish their security features and their cryptographic services support
• Recognize which use cases can be implemented with the support of these components
• Ultimately, assess the security capabilities of an ECU

This training module gives an overview of key aspects, fundamentals, standards, and approaches to consider security in automotive products using Continental as an illustrative example. Furthermore, typical cyber security vulnerabilities and effective countermeasures to develop secure automotive products will be addressed.

By the end of this course, you will be able to answer following questions:

• Why is Cyber Security so important?
• What do we need to protect?
• Who are the attackers?
• How to prevent attacks?

In this training will focus on the fundamental attributes of IT security and security risk analysis. Different security terminologies and their relationship to the automotive domain are explained.

By the end of this course, you will be able to:

• Understand the difference between following security attributes: Confidentiality, Integrity, Availability (CIA); Authenticity, Non-repudiation, Privacy; Elements of risk (asset, security goal, security requirement, threat, threat agent, security control etc.)