Master's Thesis
Automation of IT Security Lab Processes: Enhancing Test and Report Automation
Completion
2025/07
Research Area
Students
Harshil Kyada
Advisers
Abubaker Gaber
Prof. Dr.-Ing. Martin Gaedke
Description
In the field of cybersecurity and IT security, the increasing complexity and volume of security evaluations necessitate robust automation solutions. While manual testing and documentation review ensure thoroughness, they are time-consuming, inconsistent, and prone to formatting issues. This thesis aims to address two critical aspects of security testing: documentation review and test automation processes.
The first focus area is improving the security lab’s documentation review process to ensure test results and methodologies are accurately recorded, standardized, and aligned with industry evaluation criteria. A structured review framework will be developed to enhance the consistency, traceability, and efficiency of security assessments.
The second focus area is test automation, specifically integrating test data collection into a streamlined and automated workflow. Key challenges include maintaining automation tools, reducing reliance on manual execution and monitoring, and integrating test results into standardized formats such as JUnit XML. The proposed solution involves a harmonized automation strategy that reduces tool dependency, automates scheduling and monitoring, and incorporates failure recovery mechanisms to minimize manual intervention.
The evaluation of the proposed approach will be based on efficiency improvements, comparative analysis of manual versus automated processes, usability, and the overall quality of security documentation. The impact on workflow efficiency, report accuracy, and compliance with security standards will be measured through before-and-after analyses, tester feedback, and iterative improvements. By enhancing both documentation review and test automation, this thesis seeks to optimize security lab operations, improve testing reliability, and contribute to more systematic and standardized cybersecurity evaluations.


