SEFIROT's Testsuites for
Security Products and Services
|
|
|
|
SEFIROT GmbH is operating and developing test suites for security
products and services in particular for standard conformity,
interoperability and performance.
|
The tests of SEFIROT GmbH comprise of
code quality tests, code coverage tests, black box tests for standard
API's and company- specific APIs, protocol tests, conformity tests
(e.g. ISIS-MTT or EESSI), interoperability tests, performance tests,
multi-platform tests, system tests, coding tests, penetration tests,
regression tests, MMI tests and documentation tests.
|
|
Part of the company's quality management accompanying development is the
design of these test suites. All product developments of SEFIROT GmbH but
also of other manufacturers will be subjected to various tests if the
products are tied to the SEFIROT framework. Not unusual the quality assurance
applied has lead to an increased aggregate value added, process optimation,
transparency and investment safety for business partners.
|
|
Beyond that, SEFIROT is testing security products in proposals under
contract. Strategies for the quality assurance process will determine
type, intensity and cost of tests according to quality requirements as
submitted.
|
|
Security market situation, ranking of test suites
|
|
Security certificates for IT -products and -systems as issued by the
BSI (federal office for security in information technology) merit great
respect an will serve a sound purpose: this type of a seal or quality
recognition will support the user in his assessment if a security -product
or -system will possess sufficient security or not for the application
intended and if the risks identified could be tolerated.
|
Of course, high quality security product suites will not solely be
derived from the fact that security critical components of a product suite
own security certificates.
Incompatible, hardly stable proprietary products characterize
the present market in the security area; two aspects become visible:
|
|
1.
|
Further quality assurance measurements are compulsory in spite of
formal security inspection and
|
|
> 2.
|
some manufacturers of certified products are bypassing quality
assurance steps which would enforce standard conforming, interoperable
security products.
|
|
Manufacturer data concerning standard conformity often do not help
assessing the quality of products offered. Many products show appreciable
deficits and implementation mistakes in spite of the loudly claimed
compatibility with existing standards (compatibility with standard does
not yet imply cross-sectional compatibility1). These type products are of
limited value only and serve to impede the intended generic interoperability
among security products of different manufacturers.
|
Appropriate test environments can help here. SEFIROT's test suites are
therefore also focused to achieve interoperability of standard conformant
products of diverse manufacturers.
In parallel to the test suites with their integrated test tools SEFIROT GmbH
has developed a security framework combining architectural concepts and
standards in such a way that products of different manufacturers can without
problems be tied in and are capable of platform- neutral, interoperable
operation. Not only can different applications be addressed by the SEFIROT
security architecture; the framework components permit the employment of
different card readers and Smart Cards.
|
Company
Services & Consulting
Security TestSuites
