Codenomicon Whitepaper
Black Box Testing and Codenomicon DEFENSICS
by Jon Oltsik, Enterprise Strategy Group
ESG white paper, April 2008.
Executive summary:
Ten years ago, testing software for security vulnerabilities was an afterthought. Few companies bothered to put their code through any security testing at all while others tested as little as they possibly could. Even firms with more pronounced security needs often lacked the tools and skills to really expose security bugs and discover vulnerabilities.
Those days seem like another era. This white paper discusses four main theories:
- Security threats demand improved testing. A combination of
sophisticated threats, cyber-crime, publicly disclosed breaches, and
open access to networked applications makes security protection an
essential requirement for network devices and applications. This
reality has actually changed the way many technology firms design,
develop, and test their software.
- Black box testing is catching on. Many software test engineers have
embraced black box testing as a way to test system behavior by
exercising protocols and interfaces with tools that are external to
the actual software being tested. Firms often start their black box
testing processes by using open source and freeware tools.
- The road often leads to commercial black box systems. As users gain
experience with black box testing tools, they often find that open
source and freeware can't meet their needs for testing network and
application protocols as well as assorted interfaces. Rather than
customize open source and freeware, test engineers often purchase
commercial black box testing tools.
- Implementing Codenomicon black box tools can result in numerous
benefits. In preparation for writing this white paper, ESG spoke with
several customers of Codenomicon, one of the industry leaders in the
black box testing tools market. ESG found that adoption of
Codenomicon's DEFENSICS preemptive testing and robustness testing
solutions produced a series of positive benefits including improved
software quality, accelerated testing cycles, and lower overall costs
associated with finding and fixing software bugs.
A Complimentary Webcast: "How to Test for Software Vulnerabilities"
Sponsored by Codenomicon, presented by Computer Security Institute.
Date: April 16, 2008
Time: 9:00 am PT/Noon ET
Duration: 60 minutes











