Black box security testing limits the information given to penetration testers in order to simulate a real-world attack environment. That’s usually a mistake, explains Ted Harrington, Infosec Skills instructor and best-selling author of "Hackable: How to Do Application Security Right." Harrington shares real-world examples where white box penetration testing outperforms black box testing, and explains how black box testing actually tests the wrong things.
0:00 – Black box testing vs white box testing
0:27 – The goal of security testing
0:58 – Black box security testing misconceptions
2:00 – Real-world example of black box vs white box
3:42 – Black box testing results
4:40 – White box testing results
5:13 – Key takeaways for security testing
– Watch the full webcast: https://www.youtube.com/watch?v=hYL0Mk1tCqs&ab_channel=Infosec
– Download Ted’s free ebook, “How to secure your software faster and better”: https://www.infosecinstitute.com/form/secure-software-ted-harrington-ebook/
– Read Ted’s article on black box testing: https://resources.infosecinstitute.com/topic/3-major-flaws-of-the-black-box-approach-to-security-testing/