White box testing for security is useful and effective. It should follow a risk-based approach that balances the testing effort against the consequences of software failure. Architectural and design-level risk analysis provides the right context in which to plan and perform white box testing. White box testing uncovers programming and implementation errors, and it can be used with black box testing to improve overall test effectiveness.
This paper introduces a risk-based approach, along with tools and techniques, applicable to white box testing for security. It brings together concepts and knowledge from two areas: traditional white box testing and security-based testing. Other content areas on this web portal discuss different aspects of software security in detail. To gain a more in-depth understanding of white box testing, readers are urged to supplement the knowledge gained here with the other related areas available on this web site. Links to related topics are given in the Links section.