testingsense.com
A forum to discuss Software Testing
 
Technologies for Black Box Security Testing ?

 
shikhawat



Joined: 29 Aug 2007
Posts: 17

Posted: Sat Sep 01, 2007 6:36 pm    Post subject: Technologies for Black Box Security Testing ?

Can you explain to me the technologies for Black Box Security Testing?
stephen



Joined: 31 Aug 2007
Posts: 13

Posted: Sat Sep 01, 2007 6:40 pm    Post subject: Technologies for Black Box Security Testing...

Black box testing for security has a different technological focus than traditional black box testing. [Fink 04] defines positive requirements as those requirements that state what a software system should do, while negative requirements state what it should not do. Although security testing deals with positive requirements as well as negative ones, the emphasis is on negative requirements. In contrast, traditional software testing focuses on positive requirements. This difference in emphasis is reflected in the test tools that support black box test activities.

The technology incorporated in such tools can be classified as follows, according to its functionality:

Fuzzing: the injection of random or systematically-generated data at various interfaces, with various levels of human intervention to specify the format of the data

Syntax testing: generating a wide range of legal and illegal input values, usually with some knowledge of the protocols and data formats used by the software

Exploratory testing: testing without specific expectation about test outcomes, and generally without a precise test plan

Data analysis: testing the data created by an application, especially in the context of cryptography

Test scaffolding: providing testers with support tools they need in order to carry out their own black box tests. For example, if the tester wants to inject a certain error code when an application tries to open a pipe, support technology is needed to actually carry out this test.

Monitoring program behavior: When a large number of tests are automatically applied, it is useful to also have automatic techniques for monitoring how the program responds. This saves testers from having to check for anomalous behavior manually. Of course, a human is better at seeing anomalous behavior, but the anomalies that signal the presence of a security vulnerability are often quite obvious.
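Added example, not part of the post above or of any tool it refers to: a minimal Python harness that combines three of the listed technologies (syntax testing, fuzzing, and automatic monitoring of program behavior). The target `parse_record`, its `<len>:<payload>` format, the `strict` flag and every input are constructed for illustration.

```python
import random

def parse_record(data: bytes, strict: bool = False) -> bytes:
    """Constructed target: parses b'<len>:<payload>'. Without strict it trusts <len>."""
    head, sep, body = data.partition(b":")
    if not sep or not head.isdigit():
        raise ValueError("malformed header")        # documented, clean rejection
    n = int(head)
    if strict and n > len(body):                    # the check the weak variant lacks
        raise ValueError("length exceeds payload")
    return bytes([body[i] for i in range(n)])

def syntax_cases():
    """Syntax testing: legal and illegal inputs derived from the known format."""
    return [b"5:hello", b"0:", b"3:abc",            # legal
            b"hello", b":abc", b"-1:abc", b"x:abc",  # illegal header
            b"9:abc", b"99999:"]                    # legal header, length field lies

def fuzz_cases(seed_input: bytes, count: int, rng: random.Random):
    """Fuzzing: random byte mutations of a legal seed, no format knowledge."""
    for _ in range(count):
        buf = bytearray(seed_input)
        for _ in range(rng.randint(1, 3)):
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        yield bytes(buf)

def monitor(target, case: bytes) -> str:
    """Monitoring: classify each response so nobody has to inspect runs by hand."""
    try:
        target(case)
        return "ok"
    except ValueError:
        return "rejected"                           # negative requirement satisfied
    except Exception as exc:
        return "anomaly:" + type(exc).__name__      # undocumented failure, investigate

def run(target, seed: int = 1234) -> dict:
    """Apply all cases to the target and group the inputs by verdict."""
    rng = random.Random(seed)
    cases = syntax_cases() + list(fuzz_cases(b"5:hello", 200, rng))
    results = {}
    for case in cases:
        results.setdefault(monitor(target, case), []).append(case)
    return results

if __name__ == "__main__":
    for verdict, cases in run(parse_record).items():
        print(f"{verdict:22} {len(cases):4}  e.g. {cases[0]!r}")
```

With the default target, the inputs whose length field overstates the payload land in an `anomaly:IndexError` bucket; wrapping the target as `lambda d: parse_record(d, strict=True)` moves them to `rejected`.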
shikhawat



Joined: 29 Aug 2007
Posts: 17

Posted: Sat Sep 01, 2007 6:46 pm    Post subject: Black box Security Testing and the Requirements/Design Stage

What are the Requirements/Design Stages of Black box Security Testing?