Security Audit and Certification – Part 2
Identify which of the vulnerability challenges of the Juicy Shop system that have been described in are relevant to the satisfaction/violation of each SFR
Carry out the penetration testing activities which are necessary to prove AT LEAST HALF of the vulnerabilities that have been identified for each of the SFRs
Record the evidence generated whilst carrying out penetration testing for each vulnerability
Provide a rationale of how exactly the evidence accumulated for (3) indicates the violation of the SFR that is associated with the relevant vulnerability challenge in (1)