Sunday, January 30, 2011

What is White Box Testing?
The purpose of any security testing method is to ensure the robustness of a system in the face of malicious attacks or regular software failures. White box testing is performed based on the knowledge of how the system is implemented. White box testing includes analyzing data flow, control flow, information flow, coding practices, and exception and error handling within the system, to test the intended and unintended software behavior. White box testing can be performed to validate whether code implementation follows intended design, to validate implemented security functionality, and to uncover exploitable vulnerabilities.
White box testing requires access to the source code. Though white box testing can be performed any time in the life cycle after the code is developed, it is a good practice to perform white box testing during the unit testing phase.
White box testing requires knowing what makes software secure or insecure, how to think like an attacker, and how to use different testing tools and techniques. The first step in white box testing is to comprehend and analyze the source code, so knowing what makes software secure is a fundamental requirement. Second, to create tests that exploit the software, a tester must think like an attacker. Third, to perform testing effectively, testers need to know the different tools and techniques available for white box testing. These three requirements do not work in isolation; they work together.
How to perform White Box Testing

The figure provides a graphic depiction of the security testing process. This same process applies at all levels of testing, from unit testing to systems testing. The use of this document does not require subscribing to a specific testing process or methodology. Readers are urged to fit the activities described here into the process followed within their organization.
The general outline of the white box testing process is as follows:
  • Perform risk analysis to guide the whole testing process.
  • Develop a test strategy that defines what testing activities are needed to accomplish testing goals.
  • Develop a detailed test plan that organizes the subsequent testing process.
  • Prepare the test environment for test execution.
  • Execute test cases and communicate results.
  • Prepare a report.
In addition to the general activities described above, the process diagram introduces review cycles, reporting mechanisms, deliverables, and responsibilities.
The following sections discuss inputs, activities, and deliverable outputs in detail.