Since the systematic integration of risk assessment and testing is a relevant approach to address product risks in software development and to cope with limited testing resources, current standards like ISO/IEC/IEEE 29119, ETSI EG 203 251, or the OWASP Security Testing Guide recommend a systematic integration between these two domains. The systematic combination of risk assessment and testing is known as risk-based testing, and it applies assessed risks of the software product as the guiding factor to steer all phases of a test process, i.e., test planning, design, implementation, execution, and evaluation. Risk-based testing has become quite popular, and several approaches were developed. However, the standards stay mostly abstract with regard to the concrete implementation and do often not provide concrete guidance on how to define, adapt, or assess risk-based testing approaches and tools. Because of the growing demand for risk-based testing processes by industry and the increasing number of available risk-based testing approaches, solid methodological support to define, tailor, categorize, assess, compare, and select risk-based testing approaches is required. This presentation provides a taxonomy for risk-based testing that serves as a tool to define, tailor, or assess risk-based testing approaches in general and to instantiate risk-based testing approaches for the current testing standards ISO/IEC/IEEE 29119, ETSI EG and OWASP Security Testing Guide in particular. We will demonstrate the usefulness of the taxonomy by applying it to the aforementioned standards as well as to the risk-based testing approaches SmartTesting, RACOMAT, PRISMA, and risk-based test case prioritization using fuzzy expert systems. Our taxonomy provides the methodological support to systematically identify deviations between the standards’ requirements and the individual testing approaches so that we are able to position and compare the testing approaches and discuss their potential for practical application. Considering at least the approaches that have been subject to our evaluation, we can state that there is already a good coverage of the requirements. However, there are differences between the approaches, and not all required areas of risk-based testing are fully supported. In the course of our presentation, especially practitioners will get a systematic overview of the requirements from standardization, by which techniques and procedures these requirements can be instantiated, and how risk-based testing approaches can be tailored and compared.