White box testing requires knowledge of software security design and coding practices, an understanding of an attacker’s mindset, knowledge of known attack patterns, vulnerabilities and threats, and the use of different testing tools and techniques. White box testing brings together the skills of a security developer, an attacker, and a tester.
Books like “Writing Secure Code”, “19 Deadly Sins”, and “Building Secure Software” help educate software professionals on how to write secure software, and books like “How to Break Software Security” and “Exploiting Software” help educate professionals on how to think like an attacker. There are several good books on software testing, including the two classics “Software Testing Techniques” and “Testing Computer Software”. There are several valuable information sites that detail known vulnerabilities, attack patterns, security tools, etc. White box testing is knowledge intensive and relies on expertise and experience.