Security Test

From Engineering Wiki

Why

Connected products and online services are prone to misuse by rogue users. Security tests help to prevent misuse.

How

Many system tests use a closed set to test if the system does what it should do. Security tests use an open set and test whether the system does not do what it is not supposed to do. Black box testing presumes little or no knowledge about the internals of the system to be tested. White box testing encompasses the product’s complete lifecycle, including development, production, and user guidance. Use creativity tools like brainstorming for white box testing, or validated lists of known vulnerabilities for black box testing.
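
The closed-set and open-set approaches side by side, as an added example that is not part of the original wiki page. The download service, its base directory and the function names are hypothetical, and all inputs are constructed. Both handlers pass the closed-set test; only the open-set test, which checks an invariant over generated inputs, tells them apart.

```python
import itertools
import posixpath

BASE = "/srv/files"  # constructed base directory of a hypothetical download service

def resolve_naive(name):
    """Hypothetical handler: joins the requested name onto BASE unchecked."""
    return posixpath.normpath(posixpath.join(BASE, name))

def resolve_checked(name):
    """Same handler, but refuses any result outside BASE."""
    path = posixpath.normpath(posixpath.join(BASE, name))
    if not path.startswith(BASE + "/"):
        raise ValueError("requested path leaves the base directory")
    return path

# Closed set: known inputs, each with one expected output.
CLOSED_SET = {
    "report.pdf": "/srv/files/report.pdf",
    "img/logo.png": "/srv/files/img/logo.png",
}

# Open set: inputs are generated, and only an invariant is checked.
PREFIXES = ["", "./", "/", "../", "../../", "img/../../"]
TAILS = ["report.pdf", "secret.txt"]

def closed_set_passes(resolve):
    """True when every known input gives its expected output."""
    return all(resolve(name) == want for name, want in CLOSED_SET.items())

def open_set_violations(resolve):
    """Return the generated inputs for which the result left BASE."""
    bad = []
    for prefix, tail in itertools.product(PREFIXES, TAILS):
        name = prefix + tail
        try:
            path = resolve(name)
        except ValueError:
            continue  # a refusal is acceptable behaviour
        if not path.startswith(BASE + "/"):
            bad.append(name)
    return bad

if __name__ == "__main__":
    for fn in (resolve_naive, resolve_checked):
        print(fn.__name__, closed_set_passes(fn), open_set_violations(fn))
```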

Ingredients

  • An inquisitive mindset and the necessary expertise.
  • Technical tools.
  • Plenty of time and computing power.
  • Documentation and source code for white box testing.
  • Tools like SANS TOP 25 Software Errors for black box testing.

Practice

Companies use different types of security testing. For black box testing, stepping stone scans and standard lists of known vulnerabilities are used. White box testing is conducted when requested by the product developer.