[WEB SECURITY] the different between black box test and fuzzing test .

Andrew Petukhov petand at lvk.cs.msu.su
Tue Jun 14 01:38:11 EDT 2011


"Black-box" - outlines the capabalities of a tester (i.e. provide input
and check output).
"Fuzzing"  - outlines an idea for reaching the goal of testing. There
are different goals:  security, acceptance, functional, etc.

So sum the things up, these are different dimensions in testing:
capabilities, the goal of testing and the technique used to reach the goal.
For example, you can imagine white-box security testing using in-memmory
fuzzing with dynamic taint analysis.

Hope that helps.

Cheers,
Andrew

6/14/11 5:56 AM, 孙松柏 пишет:
> hi every one !
> i recently write a paper about open source WAVS .
> I am confused about the fuzzing test and the black box testing.
> can anyone tell me the similarities and differences between them ?
> thx for u precious time !
>
> -- 
> FIT1-213
> Department of Computer Science
> Tsinghua University, Beijing, 100084
> http://about.me/anakin/bio
>
>
> _______________________________________________
> The Web Security Mailing List
>
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
>
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
> WASC on Twitter
> http://twitter.com/wascupdates
>
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org




More information about the websecurity mailing list