Grey Box Testing
In recent years the term grey box testing has come into common usage. This involves having access to internal data structures and algorithms for purposes of designing the test cases, but testing at the user, or black-box level.Manipulating input data and formatting output do not qualify as grey-box because the input and output are clearly outside of the black-box we are calling the software under test. This is particularly important when conducting integration testing between two modules of code written by two different developers, where only the interfaces are exposed for test. Grey box testing may also include reverse engineering to determine, for instance, boundary values or error messages.
Black box testing
Black box testing treats the software as a black-box without any knowledge of internal implementation. Black box testing methods include: equivalence partitioning, boundary value analysis, all-pairs testing, fuzz testing, model-based testing, traceability matrix, exploratory testing, specification based testing, etc.White box testing
White box testing, however, is when the tester has access to the internal data structures and algorithms. (and the code that implement these)Types of white box testing
The following types of white box testing exist:- code coverage - creating tests to satisfy some criteria of code coverage. For example, the test designer can create tests to cause all statements in the program to be executed at least once.
- mutation testing methods.
- fault injection methods.
- static testing - White box testing includes all static testing.
TCP Wrapper is a public domain computer program that provides firewall services for Unix servers. The program was developed by Wietse Venema.
When an unprotected UNIX computer is connected to a network, the computer's system is exposed to other computer users connected to the network. For example, by using the finger utility, a hacker may be able to determine which users are logged on to a given server. It is also possible to find out the identities of individual computers, and various details about their users' recent Internet behavior. A hacker can determine when a workstation is likely to be idle, and then access and use that workstation when it is unattended. TCP Wrapper can act as a firewall to prevent this.
TCP Wrapper monitors incoming packets. If an external computer or host attempts to connect, TCP Wrapper checks to see if that external entity is authorized to connect. If it is authorized, then access is permitted; if not, access is denied. The program can be tailored to suit individual user or network needs.
source - http://searchcio-midmarket.techtarget.com/sDefinition/0,,sid183_gci751000,00.html
| firewalking | |
(fīr´wâk-ing) (n.) Developed by Mike Schiffman and David Goldsmith, a technique for testing the vulnerability of a firewall and mapping the routers of a network that sits behind a firewall. Firewalking is a method of disguising port scans. In practical applications, firewalking is similar to tracerouting and works by sending into the firewall TCP or UDP packets that have a TTL set at one hop greater than the targeted firewall. If the packet makes it through the gateway, it is forwarded to the next hop where the TTL equals zero and elicits a TTL "exceeded in transit" message, at which point the packet is discarded. Using this method, access information on the firewall can be determined if successive probe packets are sent.
|
source :-http://www.webopedia.com/TERM/F/firewalking.html
There are 65535 distinct and usable port numbers
Port 135-139 = SMB
SMB ?
SMB, which stands for Server Message Block, is a protocol for sharing files, printers, serial ports, and communications abstractions such as named pipes and mail slots between computers.
No comments:
Post a Comment