The security consultant is assigned to test a client’s new software for security after logs show targeted attacks
from the Internet. To determine the weaknesses, the consultant has no access to the application program
interfaces, code, or data structures.
Which of the following types of testing is this an example of?
Black-box testing is a method of software testing that examines the functionality of an application without
peering into its internal structures or workings. This method of testing can be applied to virtually every level of
software testing: unit, integration, system and acceptance. It typically comprises most if not all higher-level
testing, but can also dominate unit testing.
Specific knowledge of the application’s code/internal structure and programming knowledge in general are not
required. The tester is aware of what the software is supposed to do but is not aware of how it does it. For
instance, the tester is aware that a particular input returns a certain, invariable output but is not aware of how
the software produces the output in the first place.