Black Box Testing is not a single test but rather a testing strategy that allows for a timely and thorough application security review, measuring how vulnerable application security controls are to both unauthorized and legitimate users.
Also known as 'Opaque', 'Functional/Behavioural' or 'Closed Box', Black Box testing does not require access to source code, making it the fastest and easiest way to explore software from the outside in order to gauge its vulnerability to compromise.
The Security Cube's methodology allows for testing from all user perspectives (including external unauthorized use) and all privilege levels. Our custom "proof-of-concept" methods highlight any high-risk vulnerabilities that may compromise your application's security.
Security Cube provides you with the testing tools and systems to identify any potential breaches of security, illustrate their associated risks, and then communicate the findings to all business stakeholders.
The Security Cube's methodical approach combines manual and automated dynamic security testing techniques and proprietary application security directives (ASDs). We use premier proprietary and commercial dynamic assessment tools to create a consistent and measurable process that can be replicated on an ongoing basis.
The Security Cube's Black Box Testing strategy is comprised of a series of tests designed to check for both normal and abnormal behaviour by the system. To ensure a comprehensive assessment, some of the tests are conducted, under supervision, directly by the end-user, who is familiar with how the system should respond.
The testing is comprised of:
User Acceptance Testing:
To assess whether the software meets the user's expectations and works as expected.
The users sit with the developers, who note every particular input or action carried out by the user. Any abnormal behaviour of the system is noted and then addressed by the developers.
The software is distributed to the users as a beta (not yet active) version so it can be assessed from their perspective for functionality. By exploring the software, the users note any exceptions, defects or abnormalities that occur and report these to the developers.
This is done without a formal Test Plan or Test Case creation, and helps inform the scope and duration of the other tests to be performed. It is designed to familiarize the tester with the application prior to the commencement of additional testing.
This testing is similar to Ad-hoc testing and is done in order to learn and explore the application.
The software is tested against its functional requirements to ensure the application behaves as designed.
This test ensures that the application can tolerate and manage 'heavy load' usage, such as complex numerical values, a large number of inputs, a large number of queries, etc.
An extension of Stress Testing, this test puts the application under other 'heavy load' demands, such as website testing, and identifies the point at which the performance of the site or application begins to degrade or fail.
This test measures the efficiency of the application, and is conducted by running a large quantity of data through the application to check the extreme processing limitations on the system.
Also known as 'User-Friendliness Testing', this test is applied when the User Interface of the application is highly specific to the type of user.
Also called 'Sanity Testing', this test is conducted to check if the application is functioning at its expected level without failing, and is ready to be put through major.
This test is conducted to measure how, and how quickly, the application can recover from a system crash, hardware failure, etc.
Security Cube will deliver a detailed and comprehensive report once all assessments have been conducted. All Security Cube reports are customized to reflect requested reporting requirements, and include an executive summary, a full outline of all the steps performed, detailed technical findings, and recommendations.
Upon the completion of each Black Box application security assessment, Security Cube offers the following services:
o Regression testing of all items identified during the assessment
o Vulnerability Remediation Assistance and Project Management
o Custom Secure Application Development Training