Our colleague Reinhard Kugler, Applied Research Consultant at SBA Research, will give a talk titled From Garage Testing to CI Pipelines: Towards automated Security Testing of Automotive Containers at the ScapyCon on September 15th in Regensburg, Germany.
Abstract
Linux and containers are now a common deployment technique in modern automotive ECUs, including Infotainment systems and HPCs. The security testing and prototyping still remain a challenge and companies still are adapting to modern software development and building practices like CI/CD. The main goal to moving from ad-hoc testing approaches to fully automated Dynamic Application Security Testing (DAST) is accompanied by several challenges:
- Support for automotive environments such as CAN in IT build environments (CI)
- Integration of testing tools with the system under test (SUT)
- Automation of test cases to provide repeatable and cost effective testing
This talk outlines the integration of automotive applications into automated build systems for automotive software and explores practical testing approaches such as smart fuzzing, automation with Scapy and combinatorial testing.
About the speaker
Reinhard’s focus relies on security testing of IT and industrial cyber-physical systems. Based on his prior experience in cyber defense, he works with companies to develop security capabilities and secure products. Reinhard is an experienced instructor and develops tailored security trainings. His mission is to apply research methods (combinatorial security testing) to industrial applications, like automotive, embedded or cloud.
About the Conference
ScapyCon is a technical cybersecurity conference focused on network packet manipulation, automotive security, embedded systems, and protocol analysis using the Python framework Scapy. The conference combines expert talks, hands-on workshops, live demonstrations, and networking sessions for professionals working in cybersecurity and connected systems. Major themes include automotive Ethernet security, CAN and CAN-FD analysis, reverse engineering, penetration testing, firmware analysis, IoT security, aviation security, and AI-based intrusion detection.