"Black box testing is as good as white box testing." Well, this kind of statement from me may sound a bit odd to regular readers of my blog. But I too have realized that black box testing is not boring stuff; it can be very interesting. Recently I have been doing black box testing of some products and web apps and found a few interesting bugs without any knowledge of the source code.
Many times a new product comes out, and not a week goes by before hackers expose embarrassing, sometimes trivial, security weaknesses in the product. Ever wondered how a product from reputed organizations like Microsoft and Google, with countless professional software testers working full time, can miss these bugs while others expose them so easily? The interesting thing about these discoveries is that the bugs were found by individuals who were not affiliated with the software vendor in any way, and thus had no special access to the product's source code. In most cases, the discoveries were made when the product was already on the market, resulting in large costs to the software vendors, both in bad publicity and in developing and distributing patches for the problem.
Nice post.
Most of these issues will be discovered in real usage scenarios by domain experts. Maybe we may not have thought of that scenario, and it's tough to discover these kinds of issues via code-based testing.