Abstract: This study proposes a testing approach of component security based on dynamic fault tree and then specifies some related definitions of fault tree, fault injection model and attack pattern. A testing algorithm of component security based on dynamic fault tree and test-case generating approach are also proposed. The proposed testing approach generates fault injection cases which can trigger component vulnerabilities in maximum probability based on fault tree. At the same time, the fault tree can be improved according to the testing results after injecting faults. The proposed approach was implemented based on research projects CSTS (Component Security Testing System). The experimental results show that the approach is effective and can trigger lots of component exceptions by using fewer test-cases.