1
00:00:15,150 --> 00:00:22,500
Let's start with the new lecture. In this lecture, we are going to cover different categories of testing.

2
00:00:24,270 --> 00:00:30,090
First, after an application is developed, it is essential to make various kinds of tests to ensure

3
00:00:30,090 --> 00:00:36,750
the product is completely safe and systematic. To perform such tests, multiple techniques are available

4
00:00:36,870 --> 00:00:39,600
like black box, white box and gray box.

5
00:00:40,140 --> 00:00:44,730
Each of these techniques or test approaches provides different possibilities.

6
00:00:46,080 --> 00:00:52,200
The black box testing: in this kind of testing, you don't need any knowledge of the internal working

7
00:00:52,200 --> 00:00:52,730
structure.

8
00:00:53,490 --> 00:00:57,030
You can work with the graphical user interface for test cases.

9
00:00:57,750 --> 00:01:04,440
Black box testing is popularly called functional testing, closed box testing and data-driven testing.

10
00:01:05,370 --> 00:01:11,190
This outlook towards the testing involves trial methods and error guessing techniques, as the tester does

11
00:01:11,190 --> 00:01:14,580
not require any knowledge of the internal coding of the software.

12
00:01:15,000 --> 00:01:18,280
Moreover, it is not regarded for algorithm testing.

13
00:01:19,110 --> 00:01:20,840
Next is the white box testing.

14
00:01:21,600 --> 00:01:26,280
You don't need any knowledge regarding the internal working structure, that is, coding of the software,

15
00:01:26,460 --> 00:01:28,310
when dealing with the white box testing.

16
00:01:28,800 --> 00:01:35,070
It is also called structural testing, code-based testing, transparent testing and clear box testing.

17
00:01:35,580 --> 00:01:41,250
In this testing, verification of the system boundaries and data domains is fundamental and there

18
00:01:41,250 --> 00:01:43,430
is no absence of internal coding knowledge.

19
00:01:43,800 --> 00:01:47,820
Also, it is correctly fitted for algorithm testing.

20
00:01:48,300 --> 00:01:54,960
The most important benefit of the white box testing is that the company provides the entire information

21
00:01:55,170 --> 00:01:57,840
of the internal organization of the company.

22
00:01:59,320 --> 00:02:05,740
Next is the gray box testing. In this type of testing, you need limited knowledge of the internal working

23
00:02:05,740 --> 00:02:06,180
structure.

24
00:02:06,790 --> 00:02:12,160
It is usually known as translucent testing, as the tester has partial knowledge of the coding

25
00:02:12,430 --> 00:02:13,600
or internal system.

26
00:02:14,110 --> 00:02:19,240
If you have knowledge and especially about appalling data domains and internal testing boundaries of

27
00:02:19,240 --> 00:02:23,710
the software box testing is not suitable for algorithm testing.

28
00:02:24,190 --> 00:02:28,270
The company provides you partial knowledge of the internal system.

29
00:02:29,500 --> 00:02:36,790
How to select a testing methodology: the testing approach you should use depends on a number of factors,

30
00:02:37,000 --> 00:02:43,090
including time allocated to the assessment, access to internal application resources and the goals

31
00:02:43,090 --> 00:02:43,660
of the test.

32
00:02:44,320 --> 00:02:50,470
Tests intended to best approximate short-term effects of the attackers with limited resources can be

33
00:02:50,470 --> 00:02:52,890
conducted using black box methodologies.

34
00:02:53,560 --> 00:02:59,350
If the test is intended to reflect longer-term effects of the attackers who have more significant resources,

35
00:02:59,700 --> 00:03:05,560
gray box tests can help to reflect knowledge that attackers might learn about the application's internals

36
00:03:05,770 --> 00:03:10,840
without requiring the assessment team to explain the full amount of resources that would be available.

37
00:03:10,840 --> 00:03:17,950
Placas teams that need to make the most insightful and far-reaching recommendations about the applications

38
00:03:17,950 --> 00:03:22,750
with limited amount of time should use white box or clear box testing.

39
00:03:23,680 --> 00:03:30,820
Security testers should be flexible and be able to plan for any of these scenarios, given the time

40
00:03:30,940 --> 00:03:33,670
and access to resources available for an application.

41
00:03:34,030 --> 00:03:39,670
This is the most important thing in white box testing, as the entire information is provided to you.

42
00:03:40,540 --> 00:03:46,840
Analysts consider testing methodology that will maximize the security benefits of the findings within

43
00:03:46,840 --> 00:03:47,980
the given constraints.

44
00:03:48,610 --> 00:03:54,570
Given an understanding that the time and testing resources favor attackers in the wild, assessment

45
00:03:54,580 --> 00:03:57,780
teams should optimize their activities accordingly.

46
00:03:58,210 --> 00:04:05,890
Next is the types of testing. Network penetration testing: in network PT,

47
00:04:06,310 --> 00:04:11,200
you'll be testing the network environment for potential security vulnerabilities and threats.

48
00:04:11,860 --> 00:04:14,560
This test is divided into two categories:

49
00:04:14,740 --> 00:04:22,300
external and internal testing. External testing would involve testing the public IP address, whereas

50
00:04:22,540 --> 00:04:27,850
in an internal test you can become part of the internal network and test that network.

51
00:04:28,390 --> 00:04:34,930
You may be provided VPN access to the network or would have to physically go to the work environment

52
00:04:34,930 --> 00:04:36,040
for testing.

53
00:04:37,150 --> 00:04:44,200
Next is web application PT. Web application penetration testing is very common nowadays since

54
00:04:44,200 --> 00:04:50,070
the application hosts critical data such as the credit card numbers, usernames and passwords.

55
00:04:50,380 --> 00:04:54,580
Therefore, this type of pen testing has become more common than network

56
00:04:54,580 --> 00:05:01,360
pen testing. Mobile application pen testing: the mobile application PT is the newest

57
00:05:01,360 --> 00:05:07,540
type of pen testing that has become common since almost every organization uses Android and iOS based

58
00:05:07,540 --> 00:05:10,570
mobile applications to provide services to their customers.

59
00:05:11,110 --> 00:05:16,840
Therefore, organizations want to make sure that their mobile applications are secure enough for users

60
00:05:16,990 --> 00:05:18,280
to rely on the company.

61
00:05:19,270 --> 00:05:25,930
Next is the social engineering pen testing. The social engineering PT can be a part of network pen testing.

62
00:05:26,470 --> 00:05:31,390
In a social engineering PT, the organization may ask you to attack its users.

63
00:05:31,990 --> 00:05:39,310
This is where you use spear phishing attacks and browser exploits to trick a user into doing things they

64
00:05:39,310 --> 00:05:40,720
did not intend to do.

65
00:05:40,720 --> 00:05:44,410
So the last is the physical penetration

66
00:05:44,410 --> 00:05:50,230
testing. A physical PT is what you would really be doing in your career as a pen tester.

67
00:05:50,530 --> 00:05:56,680
In physical penetration testing, you would be asked to walk into the organization's building physically

68
00:05:56,920 --> 00:06:01,450
and test physical security controls such as locks and RFID mechanisms.

69
00:06:02,290 --> 00:06:06,580
In the next lecture, we will see the phases of testing.