What are different methods and techniques used for security testing at black box level?

Security testing is concerned with the issues and processes that ensure a high level of security in a software system or application. Today, however, security testing means much more than a routine security check-up: security is more than a methodology for scanning network ports, and it is now recognized as one of the most critical aspects of any system or software program.
In fact, one of the factors that lowers the standard of security testing is that testers often misunderstand it. Security testing performed with black box methods and techniques can be far more effective than is commonly understood. Security testing at the black box level is quite simple compared with testing at other levels. It is mainly performed using specialized tools called application security tools. This type of security testing is more effective than functional testing carried out on the security structure. For security testing at the black box level to succeed, testers need to follow an approach based entirely on risk assessment.
This approach should extend from the actual architecture of the system to the mindset of the attacker. The strategy is useful for adequately gauging the security of the whole software system or application. Once the risks to the system have been identified, test cases can be created from those risks. This makes it easy for the tester to focus on the parts of the system that are most vulnerable to the identified risks. The approach gives better results than classical black box testing because it provides greater assurance of software security.
Although software security deals with how the software behaves when it encounters a security threat, software failures occur more frequently, and without any intentional harm or mischief. Normal security testing is about what happens when the software fails: whether the failure is smooth, or whether it occurs in a way that can cause problems for the user. This technique does not focus on intent.
Security checks should cover the services offered by the system, the information, the skills of the adversaries, the assurance remedies and the resources. Before carrying out black box security testing with any technique or method, run a risk analysis on the design of the software system to identify all the risks and security problems associated with it. Vulnerabilities in a software system are what attackers exploit, and the errors and bugs that cause them are the major issue for its security. The steps of the black box security testing process are:
1. Create cases about security issues and security abuse.
2. List the software security requirements.
3. Perform a risk analysis of the program's architecture.
4. Build test plans for security testing based on the identified risks.
5. Use static tools for testing.
6. Perform security tests.
7. Perform a penetration test as a final check.
8. Clean up after the security breach.
The following two distinct approaches must both be followed for security testing at the black box level:
1. The security mechanisms should be tested thoroughly to ensure that they function properly, and
2. The risk-based security test must be performed so that it simulates the approach followed by the attacker.
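
As an added illustration (not part of the original article), the Python sketch below carries steps 1 to 4 through for a hypothetical web shop: it ranks the risks from the architecture analysis, emits one test per approach for each risk, and reports traceability gaps. The likelihood times impact score, the threshold of 6 and all sample data are assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    """One finding from the architecture risk analysis (step 3)."""
    component: str
    threat: str
    likelihood: int   # 1 (rare) .. 5 (expected); assumed scale
    impact: int       # 1 (minor) .. 5 (severe); assumed scale
    requirement: str  # security requirement it threatens (step 2)
    abuse_case: str   # abuse case that exercises it (step 1), "" if none yet

    @property
    def score(self) -> int:
        return self.likelihood * self.impact

# Constructed sample data for a hypothetical web shop.
REQUIREMENTS = {
    "R1": "Only authenticated users reach account pages",
    "R2": "Users can read only their own orders",
    "R3": "Payment data is never written to logs",
    "R4": "Sessions expire after inactivity",
}
RISKS = [
    Risk("login", "credential guessing", 4, 4, "R1", "AC1 repeated failed logins"),
    Risk("orders API", "access to another user's order", 3, 5, "R2", "AC2 altered order id"),
    Risk("checkout", "card number in debug log", 3, 4, "R3", ""),
    Risk("search", "verbose error pages", 2, 2, "R1", ""),
]

def build_test_plan(risks, requirements, threshold=6):
    """Step 4: turn ranked risks into test cases and report coverage gaps."""
    plan, covered = [], set()
    selected = [r for r in risks if r.score >= threshold]  # below threshold: no dedicated test
    for r in sorted(selected, key=lambda r: r.score, reverse=True):
        covered.add(r.requirement)
        # Approach 1: verify that the security mechanism functions properly.
        plan.append((r.score, "functional", r.component, requirements[r.requirement]))
        # Approach 2: risk-based test that follows the abuse case.
        if r.abuse_case:
            plan.append((r.score, "risk-based", r.component, r.abuse_case))
    gaps = {
        "requirements_without_tests": sorted(set(requirements) - covered),
        "risks_without_abuse_case": sorted(r.threat for r in selected if not r.abuse_case),
    }
    return plan, gaps
```

The gap report is what makes the plan risk-driven in practice: a requirement with no test means the risk analysis missed it, and a ranked risk with no abuse case means step 1 has to be revisited before testing starts.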
