White box testing is a security testing method that can be used to validate whether code implementation follows intended design, to validate implemented security functionality, and to uncover exploitable vulnerabilities.
The purpose of any security testing method is to ensure the robustness of a system in the face of malicious attacks or regular software failures. White box testing is performed based on the knowledge of how the system is implemented. White box testing includes analyzing data flow, control flow, information flow, coding practices, and exception and error handling within the system, to test the intended and unintended software behavior. White box testing can be performed to validate whether code implementation follows intended design, to validate implemented security functionality, and to uncover exploitable vulnerabilities.
White box testing requires access to the source code. Though white box testing can be performed any time in the life cycle after the code is developed, it is a good practice to perform white box testing during the unit testing phase.
White box testing requires knowing what makes software secure or insecure, how to think like an attacker, and how to use different testing tools and techniques. The first step in white box testing is to comprehend and analyze available design documentation, source code, and other relevant development artifacts, so knowing what makes software secure is a fundamental requirement. Second, to create tests that exploit software, a tester must think like an attacker. Third, to perform testing effectively, testers need to know the different tools and techniques available for white box testing. The three requirements do not work in isolation, but together.
Example:
Suppose i have a application which show data into pie chart. And it calculates the pie chart angle wrong.
Pie chart angle can be calculated as Size of Angle= (value * 360)/ total value.
So my application calculating the value wrongly say instead of multiplying it by 360 we multiply it by 180.
Another way may be when the angle is calculated with correct algorithm Pie chart is showing round value means if angle is 103.56 then it will show 104. This will again creates problem because if it rounding the value for every angle then complete total may exceed 360 to may be 365 or 370.
The purpose of any security testing method is to ensure the robustness of a system in the face of malicious attacks or regular software failures. White box testing is performed based on the knowledge of how the system is implemented. White box testing includes analyzing data flow, control flow, information flow, coding practices, and exception and error handling within the system, to test the intended and unintended software behavior. White box testing can be performed to validate whether code implementation follows intended design, to validate implemented security functionality, and to uncover exploitable vulnerabilities.
White box testing requires access to the source code. Though white box testing can be performed any time in the life cycle after the code is developed, it is a good practice to perform white box testing during the unit testing phase.
White box testing requires knowing what makes software secure or insecure, how to think like an attacker, and how to use different testing tools and techniques. The first step in white box testing is to comprehend and analyze available design documentation, source code, and other relevant development artifacts, so knowing what makes software secure is a fundamental requirement. Second, to create tests that exploit software, a tester must think like an attacker. Third, to perform testing effectively, testers need to know the different tools and techniques available for white box testing. The three requirements do not work in isolation, but together.
Example:
Suppose i have a application which show data into pie chart. And it calculates the pie chart angle wrong.
Pie chart angle can be calculated as Size of Angle= (value * 360)/ total value.
So my application calculating the value wrongly say instead of multiplying it by 360 we multiply it by 180.
Another way may be when the angle is calculated with correct algorithm Pie chart is showing round value means if angle is 103.56 then it will show 104. This will again creates problem because if it rounding the value for every angle then complete total may exceed 360 to may be 365 or 370.
