Black Box Testing
From SCADApedia
Black box testing of software, as the term is used here, is the process of testing the actual implementation of a particular technology by analyzing its internal structure at the assembly/compiled level, without access to the source code. Unlike the source code analyzed in white box testing, the binary code analyzed in black box testing is typically exactly what an attacker has, because it is what ships on the device or in the installer.
Overview
Binary analysis is the process of analyzing compiled or binary code. While complex source code can be difficult to follow, compiled code has no abstraction left to hide behind: it uses only the instruction set the target processor offers, so every memory access, length check and branch is explicit, even if the volume of code is large. This can expose subtle vulnerabilities that are nearly invisible in the source. It also shows what the compiler actually emitted rather than what the programmer wrote, for example which checks or buffer-clearing stores the optimizer removed as dead code. Black box testing therefore gives the auditor a clear view of every code path involved in a given function and a definitive answer on how the compiler's optimizations turned the source into the binary. This approach is often used in audits because it most closely mimics the level of access an attacker has to the software in question.
Candidate Point Selection
Because effective binary analysis is time-consuming, sections of assembly code are chosen for review by tracing how input flows through the program, by examining the points at which a fault or error has occurred (often found through fuzzing), and by selecting specific points of interest identified by calls to certain library functions. This lets the auditor make the best use of the allotted time by examining only the points at which an error may occur, or at which a transition across a privilege or trust boundary may allow elevation of privilege or the execution of arbitrary code.
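As an added example of the last of these selection strategies (this is not SCADApedia's own code, and the listing it scans is a constructed `objdump -d`-style fragment with made-up bytes, addresses and function names), the following Python script walks a disassembly, records every call site to a library routine on a watch list, and ranks the enclosing functions so that those which both take external input and reach a dangerous sink are reviewed first. The watch list itself is illustrative and would be tuned per target:

```python
import re

# Library routines whose call sites merit a manual look, with the reason.
# Illustrative watch list for this example, not an exhaustive one.
RISKY_CALLS = {
    "strcpy": "unbounded copy", "strcat": "unbounded copy", "gets": "unbounded read",
    "sprintf": "unbounded format", "memcpy": "check length argument",
    "strncpy": "check termination", "system": "command execution",
    "popen": "command execution", "execl": "command execution",
    "recv": "untrusted input", "read": "untrusted input", "fgets": "untrusted input",
}
INPUT_SOURCES = {"recv", "read", "fgets"}

# Matches a function header such as "0000000000401136 <parse_request>:"
FUNC_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:$")
# Matches a call line such as "  40114a:  e8 e1 fe ff ff   call   401030 <strcpy@plt>"
# (call or callq, with or without the @plt suffix).
CALL_RE = re.compile(
    r"^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s+)+callq?\s+[0-9a-f]+\s+<([^>@]+)(?:@plt)?>")

# Constructed sample listing (made-up bytes, addresses and names).
SAMPLE_DISASM = """\
0000000000401136 <parse_request>:
  401136:       55                      push   %rbp
  401137:       48 89 e5                mov    %rsp,%rbp
  40113a:       48 83 ec 50             sub    $0x50,%rsp
  40113e:       e8 1d ff ff ff          call   401060 <recv@plt>
  401143:       48 8d 45 c0             lea    -0x40(%rbp),%rax
  401147:       48 89 c7                mov    %rax,%rdi
  40114a:       e8 e1 fe ff ff          call   401030 <strcpy@plt>
  40114f:       e8 ec fe ff ff          call   401040 <puts@plt>
  401154:       c9                      leave
  401155:       c3                      ret

0000000000401156 <run_cmd>:
  401156:       55                      push   %rbp
  401157:       48 89 e5                mov    %rsp,%rbp
  40115a:       e8 f1 fe ff ff          call   401050 <system@plt>
  40115f:       e8 d2 ff ff ff          call   401136 <parse_request>
  401164:       5d                      pop    %rbp
  401165:       c3                      ret
"""


def find_candidate_points(disasm):
    """Return (caller, call_address, callee, reason) for each risky call site."""
    current = None
    hits = []
    for line in disasm.splitlines():
        m = FUNC_RE.match(line.strip())
        if m:
            current = m.group(2)  # remember which function we are inside
            continue
        m = CALL_RE.match(line)
        if m and m.group(2) in RISKY_CALLS:
            hits.append((current, int(m.group(1), 16), m.group(2), RISKY_CALLS[m.group(2)]))
    return hits


def rank_functions(hits):
    """Order functions for review: input source plus sink first, then sink only."""
    by_func = {}
    for caller, _addr, callee, _reason in hits:
        by_func.setdefault(caller, set()).add(callee)

    def score(item):
        callees = item[1]
        has_source = bool(callees & INPUT_SOURCES)
        has_sink = bool(callees - INPUT_SOURCES)
        return (has_source and has_sink, has_sink, len(callees))

    return sorted(by_func.items(), key=score, reverse=True)


if __name__ == "__main__":
    hits = find_candidate_points(SAMPLE_DISASM)
    for func, callees in rank_functions(hits):
        print(f"{func}: {', '.join(sorted(callees))}")
    for caller, addr, callee, reason in hits:
        print(f"  {caller} {addr:#x} -> {callee} ({reason})")
```

Run against a real listing (`objdump -d target > target.asm`) the same two functions give the auditor a short, ordered list of addresses to open in a disassembler, with the recv-then-strcpy pattern in `parse_request` ranked above the lone `system` call in `run_cmd`.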
Correctness Testing
Testing the correctness of an implementation is often out of the scope of binary analysis, but it is useful in some cases, such as checking encryption/decryption routines to ensure that strong cryptographic methods are used and that the routine is not simply XORing the data with a fixed key.
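As an added example of that kind of check (not SCADApedia's code), the Python below treats an encryption routine as an opaque oracle, as an auditor would when driving a device's API or replaying captured traffic, and runs two black-box tests: encrypting the same message twice must not produce the same output, and XORing a known plaintext with its ciphertext must not yield a short repeating keystream. `weak_encrypt` is a constructed stand-in for the repeating-key XOR the article warns about, `toy_nonce_encrypt` is a constructed contrast case that at least uses a fresh nonce, and `KNOWN_PLAINTEXT` is a made-up Modbus-like message; the last function shows the impact of a failed check by decrypting a second message with the recovered key:

```python
import hashlib
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def weak_encrypt(plaintext: bytes, key: bytes = b"SCADA") -> bytes:
    """Constructed stand-in for the bad case the article warns about:
    a repeating-key XOR with no IV, i.e. obfuscation rather than encryption."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(plaintext))


def toy_nonce_encrypt(plaintext: bytes, key: bytes = b"SCADA") -> bytes:
    """Constructed stand-in for a routine that at least randomises each message:
    SHA-256 counter-mode keystream under a fresh 16-byte nonce, output nonce||ct.
    Toy for contrast only; real firmware should use a vetted AEAD."""
    nonce = os.urandom(16)
    blocks = -(-len(plaintext) // 32)  # ceil(len / 32)
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(blocks))
    return nonce + xor_bytes(plaintext, stream)


def smallest_period(data: bytes) -> int:
    """Length of the shortest prefix whose repetition reproduces `data`."""
    for p in range(1, len(data)):
        if all(data[i] == data[i - p] for i in range(p, len(data))):
            return p
    return len(data)


def audit_cipher(encrypt, known_plaintext: bytes) -> list:
    """Black-box checks on an encrypt(plaintext) -> ciphertext oracle."""
    findings = []
    c1, c2 = encrypt(known_plaintext), encrypt(known_plaintext)
    # 1. The same plaintext twice must not give the same output (fresh IV/nonce).
    #    This also catches ECB and any mode driven by a hard-coded IV.
    if c1 == c2:
        findings.append("deterministic")
    # 2. Known plaintext XOR ciphertext recovers the keystream of any XOR-based
    #    scheme; a short repeating keystream means a repeating-key XOR.
    keystream = xor_bytes(known_plaintext, c1)
    period = smallest_period(keystream)
    if period <= len(known_plaintext) // 4:
        findings.append(f"repeating keystream, period {period}")
    return findings


def decrypt_with_recovered_key(ciphertext: bytes, keystream: bytes, period: int) -> bytes:
    """Impact of a failed check: one known message decrypts any other message."""
    key = keystream[:period]
    return bytes(b ^ key[i % period] for i, b in enumerate(ciphertext))


# Constructed known plaintext, as an auditor might get a device to encrypt.
KNOWN_PLAINTEXT = b"ID=0001;CMD=READ;REG=40001;VAL=0000;CRC=ABCD"

if __name__ == "__main__":
    for name, oracle in (("weak_encrypt", weak_encrypt), ("toy_nonce_encrypt", toy_nonce_encrypt)):
        print(name, audit_cipher(oracle, KNOWN_PLAINTEXT) or ["no findings"])
    ks = xor_bytes(KNOWN_PLAINTEXT, weak_encrypt(KNOWN_PLAINTEXT))
    captured = weak_encrypt(b"CMD=WRITE;REG=40010;VAL=1500")
    print(decrypt_with_recovered_key(captured, ks, smallest_period(ks)))
```

Neither check proves a routine is strong; passing them only means the routine is not trivially broken in these two ways, and a routine that fails either one does not need further cryptanalysis before being reported.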
