Conducting reverse engineering with full access to the way in which an
application works (regardless of whether this is a source view or binary view) is called
white box testing. In this chapter, we take a look at alternative methodologies, often
termed black box and gray box testing; both require running the application that we are
analyzing. In black box testing, you know no details of the inner workings of the application,
while gray box testing combines white box and black box techniques; you might,
for example, run the application under the control of a debugger. The intent of
these methodologies is to observe how the application responds to various input stimuli.
The remainder of this chapter discusses how to go about generating interesting input
values and how to analyze the behaviors that those inputs elicit from the programs you
are testing.
Why Try to Break Software?
In the computer security world, debate always rages as to the usefulness of vulnerability
research and discovery. Other chapters in this book discuss some of the ethical issues
involved, but in this chapter we will attempt to stick to practical reasons. Consider the
following facts:
• There is no regulatory agency for software reliability.