White Box Testing Approach to Security Testing
Internet has progressed from static content proving mechanism to more interactive application for e-business. A huge amount of transactions are happening over internet and thus security as a quality has to be embedded in internet application. According to report by Gartner over 70% of security attacks are targeted on web based application. Securing the network or system cannot check exploits targeted at application level. Different people have different suggestion to include security testing in different SDLC phase. Some are in opinion to start once the functional testing and load testing is done. The main disadvantage of doing this is lesser time to fix the security bug and cost associated with this is huge. I think we should include this right from the requirement phase and should continue till we install, deploy and maintain the software. In this paper I have come up with process how to integrate the security testing from the requirement phase also I tried to explain the key c