OSEC

From: Fernando Martins (fernando.martinsesoterica.pt)
Date: Thu Jan 17 2002 - 15:29:36 CST


    > I think there needs to be a definite distinction between
    > 'source code audit'
    > and 'testing'.

    Testing can be (and it is) many things. Here the focus is on
    security testing, where certain terms about testing are used, such as
    white box or black box.

    A nice resource on testing terms is this one from
    http://www.testingstandards.co.uk/Gloss6_2.htm

    5.158 security testing: *Testing* whether the system meets its specified
    security objectives.
    5.210 *testing*: The process of exercising software to verify that it
    satisfies specified requirements and to detect *errors*.
    5.87 *error*: A human action that produces an incorrect result.

    5.13 black box testing: See *functional test case design*.
    5.101 functional test case design: *Test case* selection that is based
    on an analysis of the *specification* of the *component* without
    reference to its internal workings.
    5.190 *test case*: A set of inputs, execution preconditions, and
    expected outcomes developed for a particular objective, such as to
    exercise a particular program path or to verify compliance with a
    specific requirement.
    5.164 *specification*: A description of a component's function in terms
    of its output values for specified input values under specified
    preconditions.
    5.43 *component*: A minimal software item for which a separate
    specification is available.

    5.219 white box testing: See *structural test case design*.
    5.178 *structural test case design*: Test case selection that is based
    on an analysis of the internal structure of the component.

    5.40 code-based testing: Designing tests based on objectives derived
    from the implementation (e.g., tests that execute specific control flow
    paths or use specific data items).
    5.53 control flow path: See path.
    5.140 path: A sequence of executable statements of a component, from an
    entry point to an exit point.

    ....

    Lots more types of testing and things about

    FM
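The glossary entries quoted in the post (5.101 functional/black-box design, 5.178 structural/white-box design, 5.190 test case) can be made concrete with code. The following is an added example written for this archive page, not code from the post or from the glossary's authors. The component `check_access`, its specification, the test cases and the `.bak` branch are all constructed for illustration; the point is that a suite derived only from the specification can pass while an undocumented control-flow path in the implementation stays unexecuted, and that structural analysis (here, tracing which statements ran) is what finds it.

```python
import dis
import inspect
import sys
from dataclasses import dataclass
from typing import List, Set, Tuple


# Constructed component (hypothetical; not from the post). Its *specification*,
# the only thing a black-box tester is given, is:
#   - role "admin" may perform any action on any resource;
#   - role "user" may "read" resources whose path begins with "/public/";
#   - every other combination is denied.
def check_access(role: str, action: str, resource: str) -> bool:
    if role == "admin":
        return True
    if resource.endswith(".bak"):          # shortcut that appears nowhere in the spec
        return True
    if role == "user" and action == "read" and resource.startswith("/public/"):
        return True
    return False


@dataclass(frozen=True)
class TestCase:
    """Glossary 5.190: inputs, expected outcome and the objective of the case."""
    inputs: Tuple[str, str, str]
    expected: bool
    objective: str


def spec_expected(role: str, action: str, resource: str) -> bool:
    """Oracle that encodes the specification only; it never reads the implementation."""
    if role == "admin":
        return True
    return role == "user" and action == "read" and resource.startswith("/public/")


# Black-box design (5.101): each case is derived from the specification alone.
BLACK_BOX_CASES = [
    TestCase(("admin", "write", "/etc/passwd"), True, "admin may do anything"),
    TestCase(("user", "read", "/public/index.html"), True, "user may read /public/"),
    TestCase(("user", "write", "/public/index.html"), False, "user may not write"),
    TestCase(("user", "read", "/private/secret"), False, "user may not read outside /public/"),
    TestCase(("guest", "read", "/public/index.html"), False, "unknown role is denied"),
]

# White-box design (5.178): a case chosen to execute a statement the spec-derived
# suite never reaches; its expected outcome still comes from the specification.
WHITE_BOX_CASE = TestCase(
    ("user", "write", "/etc/shadow.bak"),
    spec_expected("user", "write", "/etc/shadow.bak"),
    "structural: exercise the .bak branch",
)


def run_cases(cases: List[TestCase]) -> Tuple[List[TestCase], Set[int]]:
    """Run the cases; return the failing ones and the source lines of check_access executed."""
    executed: Set[int] = set()

    def tracer(frame, event, arg):
        if frame.f_code is check_access.__code__:
            if event == "line":
                executed.add(frame.f_lineno)
            return tracer          # keep receiving events for this frame
        return None                # ignore every other frame

    failures: List[TestCase] = []
    sys.settrace(tracer)
    try:
        for tc in cases:
            if check_access(*tc.inputs) != tc.expected:
                failures.append(tc)
    finally:
        sys.settrace(None)
    return failures, executed


def uncovered_statements(executed: Set[int]) -> List[Tuple[int, str]]:
    """Structural view: statements of check_access that the suite never executed."""
    code = check_access.__code__
    all_lines = {ln for _, ln in dis.findlinestarts(code)
                 if ln is not None and ln != code.co_firstlineno}
    src, first = inspect.getsourcelines(check_access)
    return [(ln, src[ln - first].strip()) for ln in sorted(all_lines - executed)]


if __name__ == "__main__":
    failures, executed = run_cases(BLACK_BOX_CASES)
    print("black-box failures:", failures)                 # spec-derived suite passes
    print("never executed:", uncovered_statements(executed))
    print("white-box failures:", run_cases([WHITE_BOX_CASE])[0])
```

The black-box suite passes and is complete with respect to the specification, yet `uncovered_statements` reports the `return True` under the `.bak` check as never executed. The structural case built to reach that statement keeps its expected outcome from the specification, so it fails against the implementation and exposes the deviation. Only the tracing is a white-box technique; the oracle stays black-box in both suites.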