INTRODUCTION
Appledore Accountants Plc has decided to set up a new in-house computer support department. I have been assigned, as a Senior Support Technician, to set up new procedures. Specifically, this covers producing acceptance plans for hardware and software, security policies, and health and safety requirements, and setting standards for user documentation.
I will start by describing white box testing and black box testing, and then I will produce a Windows XP user guide, along with a security policy for the stand-alone PCs.
1 DESCRIPTION OF WHITE BOX TESTING AND BLACK BOX TESTING
1.1 About white box testing
Any security testing method is supposed to ensure that the system is robust enough to face malicious attacks or regular software failures.
Thus, let us enumerate some main points about white box testing:
Knowing how the system is implemented is what allows white box testing to be performed. White box testing includes analyzing data flow, control flow, information flow, coding practices, and exception and error handling within the system, in order to test both expected and unexpected software behaviour.
White box testing can be carried out to validate whether code implementation follows intended design, to validate implemented security functionality, and to expose exploitable vulnerabilities.
White box testing requires access to the source code. It is well worth performing during the unit testing phase.
White box testing requires knowing what makes software secure or insecure, how to think like an attacker, and how to use different testing tools and techniques.
The first step in white box testing is to understand and analyze the source code, so knowing what makes software secure is a fundamental obligation.
Secondly, to create tests that exploit software, a tester must think like an attacker.
Thirdly, to perform testing efficiently,
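To illustrate the points above about control flow and error handling, here is an added example that is not part of the original report: a unit-level white box test in Python in which each test case is chosen by reading the source and targeting one path through the function. All function names, and the design rule that an unreadable limit must still lock the account, are assumptions made for the illustration.

```python
# Added illustration; every name here is hypothetical.

def is_locked_out_v1(failed_attempts, raw_limit):
    """Version under test. Reading the source shows three paths (A, B, C)."""
    try:
        limit = int(raw_limit)
    except (TypeError, ValueError):
        return False                    # path C: error handler fails open
    if failed_attempts >= limit:
        return True                     # path A: limit reached
    return False                        # path B: under the limit


def is_locked_out_v2(failed_attempts, raw_limit, default_limit=3):
    """Corrected version: the error handler falls back to a safe default."""
    try:
        limit = int(raw_limit)
    except (TypeError, ValueError):
        limit = default_limit           # path C now follows the assumed design
    return failed_attempts >= limit


# One case per path, derived from the code's control flow (constructed data).
# Assumed design: a corrupt limit setting must not disable the lockout.
WHITE_BOX_CASES = [
    # (failed_attempts, raw_limit, expected_by_design, path_label)
    (5, "3", True, "A: over limit"),
    (3, "3", True, "A: boundary"),
    (1, "3", False, "B: under limit"),
    (99, "three", True, "C: error handler"),
]


def run_cases(func):
    """Return the labels of the paths whose result differs from the design."""
    return [label
            for attempts, raw, expected, label in WHITE_BOX_CASES
            if func(attempts, raw) != expected]


if __name__ == "__main__":
    print("v1 paths failing:", run_cases(is_locked_out_v1))
    print("v2 paths failing:", run_cases(is_locked_out_v2))
```

A test written without sight of the source would have little reason to supply a non-numeric limit, so the error-handling path in the first version would go unexercised.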