Security Test

Uit Engineering Wiki
Versie door Mediawiki (overleg | bijdragen) op 11 dec 2019 om 10:24 (Nieuwe pagina aangemaakt met '=Why= Connected products and online services are prone to misuse by rogue users. Security tests help to prevent misuse. =How= Many system tests use a closed...')
(wijz) ← Oudere versie | Huidige versie (wijz) | Nieuwere versie → (wijz)
Naar navigatie springen Naar zoeken springen

Why

Connected products and online services are prone to misuse by rogue users. Security tests help to prevent misuse.

How

Many system tests use a closed set to test if the system does what it should do. Security tests use an open set and test whether the system does not do what it is not supposed to do. Black box testing presumes little or no knowledge about the internals of the system to be tested. White box testing encompasses the product’s complete lifecycle, including development, production, and user guidance. Use creativity tools like brainstorming for white box testing, or validated lists of known vulnerabilities for black box testing.

Ingredients

  • An inquisitive mindset and the necessary expertise.
  • Technical tools.
  • Plenty of time and computing power.
  • Documentation, source code for white box testing.
  • Tools like SANS TOP 25 Software Errors for black box testing.

Practice

Companies use different types of security testing. For black box testing, stepping stone scans and standard lists of known vulnerabilities are used. White box testing is conducted when requested by the product developer.