Connected products and online services are prone to misuse by rogue users. Security tests identify weaknesses of the system and thus help prevent misuse.
Many system tests use a closed set to test if the system does what it should do. Security tests use an open set and test whether the system does not do what it is not supposed to do. Use creativity tools like brainstorming for white box testing, or validated lists of known vulnerabilities for black box testing.
- An inquisitive mindset and the necessary expertise.
- Technical tools.
- Plenty of time and computing power.
- Documentation, source code for white box testing.
- Tools like SANS TOP 25 Software Errors for black box testing.
Companies use different types of security testing. For black box testing, stepping stone scans and standard lists of known vulnerabilities are used. White box testing is conducted when requested by the product developer.