Wednesday, December 10, 2014

WHITE BOX VS BLACK BOX TESTING

Testing is the process of validating and verifying that an application, piece of software, website or product works as expected. Both forms of testing described below are equally important, and the choice between them depends on the domain in which they are applied. The primary purpose of either is to provoke software failures so that the underlying defects can be discovered and corrected. Let us discuss them in detail:

    White Box Testing

    White box testing is a method in which the internal structure of the software is examined and the code itself is verified against the design specification. Here are some points:
    • The application is tested at the source code level.
    • Testing of loops, if-else statements, etc. is part of white-box testing.
    • Done by testers and developers.

    Black Box Testing

    Black box testing is performed without much knowledge of the internal workings of the software. Here are some points:
    • It tests how the software behaves as a whole and checks it against the client's requirement specifications.
    • Usually done by those who have no knowledge of the actual code.
    • Done by end-users, testers and developers.

    Comparison

    ·Role:

    White Box Testing: Its role is to find common defects in code.
    Black Box Testing: It verifies that the requirements are met and examines the functionality of an application.

    ·Granularity

    Granularity in testing is a way to determine the expected result for a test case.
    White Box Testing: High granularity.
    Black Box Testing: Low granularity when compared with white box testing.

    ·Other names:

    White Box Testing: It is also known as glass box, transparent box, structural testing and non-functional testing.
    Black Box Testing: It is also known as closed box testing and functional testing.

    ·Performed by:

    White Box Testing: This type of testing is done by testers and developers.
    Black Box Testing: This is done by end-users, testers and developers.

    ·Domain

    White Box Testing: It is suited for all domains.
    Black Box Testing: It is suited only for business domain testing.

    ·Algorithm Testing

    White Box Testing: Algorithm testing is suitable for white box testing.
    Black Box Testing: Algorithm testing is not considered suitable for black box testing.

    ·Basis for Test Cases

    White Box Testing: The test case is based on detail design.
    Black Box Testing: The test case is built around requirements and specifications.

    ·Programming Knowledge

    White Box Testing: For performing white box testing, programming skills are necessary to test the internal structure. Sometimes, a programmer with high-level knowledge is required.
    Black Box Testing: For performing black box testing, programming skills are not required. It is done by those who usually have no knowledge of the actual code.

    ·Maintenance

    White Box Testing: Maintenance is difficult as it uses debuggers, compilers and other tools.
    Black Box Testing: Maintenance is easier.

    ·Test Case

    White Box Testing: Test Cases are easier to design.
    Black Box Testing: It’s difficult to design test cases in black box testing.

    ·Time

    White Box Testing: It is time-consuming as internal structure is tested.
    Black Box Testing: Takes less time when compared with White Box.

    ·Testing Stage

    White Box Testing: It is performed early in the testing process.
    Black Box Testing: It is applied during the later stages of testing.

    ·Errors

    White Box Testing: It attempts to find errors in the internal logic of the program.
    Black Box Testing: It attempts to find the following kinds of errors:
    • initialization errors
    • incorrect function errors
    • database access errors

    ·Levels

    White Box Testing: Applicable to lower levels of testing:
    • Unit testing, and
    • Integration testing.
    Black Box Testing: Applicable to higher levels of testing:
    • Acceptance testing, and
    • System testing.

    ·Implementation Knowledge

    White Box Testing: Implementation Knowledge is required.
    Black Box Testing: Implementation knowledge is not necessary for black box testing.

    ·Selection of Test Cases

    White Box Testing: A large number of test cases must be written for white box testing.
    Black Box Testing: It is based on the selection of representative sample test cases.

    ·Internal Structure

    White Box Testing: The internal structure is known.
    Black Box Testing: Tests how the software behaves as a whole, so internal structure is not known.

    ·Techniques

    White Box Testing techniques:
    • Control flow testing
    • Data flow testing
    • Branch testing
    • Path testing
    • Statement coverage
    • Decision coverage

    Black Box Testing techniques:
    • Decision table testing
    • All-pairs testing
    • Equivalence partitioning
    • Boundary value analysis
    • Cause–effect graph
    • Error guessing
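To make the two technique lists concrete, here is an added example in Python (not code from the original post). `classify_port` is a constructed function under test; `BLACK_BOX_CASES` are chosen by equivalence partitioning and boundary value analysis from its specification alone, while `lines_executed` and `statement_coverage` use the interpreter's trace hook to measure white-box statement coverage of the same function.

```python
import dis
import sys
def classify_port(value):
    """Constructed function under test: classify a TCP port given as a string."""
    if not value.isdigit():
        return "invalid"
    port = int(value)
    if port < 1 or port > 65535:
        return "invalid"
    if port < 1024:
        return "system"
    if port < 49152:
        return "registered"
    return "dynamic"

# Black-box design: one value per equivalence partition plus each range boundary.
BLACK_BOX_CASES = {
    "abc": "invalid", "": "invalid", "-1": "invalid",            # non-numeric partition
    "0": "invalid", "1": "system", "1023": "system",             # lower edge, system range
    "1024": "registered", "49151": "registered",                 # registered range
    "49152": "dynamic", "65535": "dynamic", "65536": "invalid",  # dynamic range, upper edge
}
def black_box_failures():
    """Return {input: actual} for every case whose result differs from the expectation."""
    return {v: classify_port(v) for v, exp in BLACK_BOX_CASES.items()
            if classify_port(v) != exp}
def lines_executed(func, *args):
    """White-box helper: lines of func (relative to its def line) executed for args."""
    first, hit = func.__code__.co_firstlineno, set()
    def tracer(frame, event, arg):
        if frame.f_code is not func.__code__:
            return None                      # do not trace frames of other functions
        if event == "line" and frame.f_lineno > first:
            hit.add(frame.f_lineno - first)
        return tracer
    sys.settrace(tracer)
    try:
        func(*args)
    finally:
        sys.settrace(None)
    return hit

def statement_coverage(func, inputs):
    """Fraction of func's executable lines reached by inputs (a white-box metric)."""
    first = func.__code__.co_firstlineno
    executable = {ln - first for _, ln in dis.findlinestarts(func.__code__)
                  if ln is not None and ln > first}
    covered = set().union(*(lines_executed(func, i) for i in inputs))
    return len(covered & executable) / len(executable)
```

Running only the non-numeric partition reaches two of the ten executable lines (20% coverage), which is exactly the gap white-box measurement exposes and black-box design alone cannot see.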

Saturday, December 6, 2014

What is the Value of a Penetration Test?


Some of the reasons organizations invest in penetration testing:
  • Determining the feasibility of a particular set of attack vectors
  • Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
  • Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
  • Assessing the magnitude of potential business and operational impacts of successful attacks
  • Testing the ability of network defenders to successfully detect and respond to the attacks
  • Providing evidence to support increased investments in security personnel and technology to C-level management, investors, and customers
  • Meeting compliance requirements (for example, the Payment Card Industry Data Security Standard (PCI DSS) requires both annual and ongoing penetration testing, the latter after any system changes)
  • After a security incident, an organization needs to determine the vectors that were used to gain access to a compromised system (or the entire network). Combined with forensic analysis, a penetration test is often used to re-create the attack chain, or else to validate that new security controls put in place will thwart a similar attack in the future.

Wednesday, December 3, 2014

Shoulder surfing

In computer security, shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information. It is commonly used to obtain passwords, PINs, security codes, and similar data.

Occurrence
Shoulder surfing is particularly effective in crowded places because it is relatively easy to observe someone as they:
  • fill out a form
  • enter their PIN at an automated teller machine or a POS terminal
  • use a telephone card at a public payphone
  • enter a password at a cybercafe, public and university libraries, or airport kiosks
  • enter a code for a rented locker in a public place such as a swimming pool or airport
  • enter a PIN or password on their smartphone
Public transport is a particular area of concern.

Prevention
Some automated teller machines have a sophisticated display which discourages shoulder surfers from obtaining displayed information. It grows darker beyond a certain viewing angle, and the only way to tell what is displayed on the screen is to stand directly in front of it. Although this prevents an observer from obtaining some information, e.g. the account balance, it is generally not required to protect the PIN, because the PIN is typically not displayed during entry.
Certain models of credit card readers have the keypad recessed, and employ a rubber shield that surrounds a significant part of the opening towards the keypad. This makes shoulder surfing significantly harder, as the keypad can only be seen from a much more direct angle than with previous models.