Wednesday, 25 February 2015

Box Testing - Its Not All Black and White

Predominantly Box Testing - Penetration Test (Pen Test) - is about accessing how robust a system is in the face of an attack: Or software failures occur. There are various levels of Box Testing - Namely White, Grey and Black Box Testing. Whitebox Testing should be say is the least intrusive as it is centered around how the system is operating: How it behaves when certain procedures and practices are performed. Information and data flow is analysed as well as error handling and business codes of practice.

Whitebox Testing - AKA Penetration Test: Clear or Open Box Testing - deals with the logic and infrastructure of a systems code. Overall a Penetration Test endeavors to pinpoint any specific area within the code which might be malfunctioning and so vulnerable to malicious attack. One of its main advantages is that it helps to ensure systems are optimised: Untidy and malfunctioning codes can be identified and cleaned up. However, it should be noted that while a Penetration Test can pinpoint messy code analysing every piece of code within a system is rarely testing Uk

Whitebox Testing can be carried out at any stage. Although most would be inclined to say the best practice is to carry out regular Whitebox Testing during the development and testing stage - Ensuring vulnerabilities are not built upon and the systems security functionality can be validated.

Some Penetration Test Methodologies include:

Unit Testing - Box Testing at a more basic level. The code of a specific unit is tested

Static Analysis - The analysis of code to uncover defects

Dynamic Analysis - Executing and analysing code output

Security Matters

Security is one of the more sophisticated aspects of any Penetration Test. Black, Grey and Whitebox Testing investigate how vulnerable a system is to attack. White Box Testing uncovering vulnerabilities and establishing what would be the consequences should the system be infiltrated by an 'insider' - That is, someone who has attained certain passwords and levels of access. Black Box Testing on the other hand tests the systems vulnerabilities from an outsider with no previous knowledge of the systems infrastructure or passwords. To what degree a Company's systems need to be penetrated varies: It is not all black and white - There are many grey areas in-between.....

Murray IT Security Services can provide expert Box Testing [] advice. Offering a range of IT Security Services our experts can perform Black and Whitebox Testing [] as well as work in the Grey. Our reports are informative and can help a Company ensure they are focusing their IT Security budget in the right areas; As well as keep their systems optimised and secure. Contact Murray IT

No comments:

Post a Comment