Discussion Activity 2

When developing software, it is crucial to consider the security issues that may be associated with the whole process, from the start to the end. While the testing process is placed almost at the end of a secure software development process, security testing should undoubtedly be done since the beginning of the process. I would deploy white box testing during the implementation stage. According to Rungta (n.d), white-box testing checks the design, structure, and software coding. Therefore, it is critical to ensure they are in the proper condition after developing the structure, design, and code. This avoids additional risks in the later stages and spending more time and money to amend them later.

I would then deploy grey box testing during the actual testing of the cycle. Grey box testing involves identifying any defects from improper coding or the use of applications. Therefore, all these have happened at this stage, and hence, doing a test is critical. This test would help in ensuring the coding is perfect and the applications are used appropriately. For instance, I might identify a defect on a code that I had not identified in the white box testing by conducting this test. Hence, grey box testing also counter-checks the errors.

I would then deploy the black box testing after the releasing stage. Black box testing assesses the functionality, non-functionality, and regression or after an upgrade of software. Essentially, it is crucial because it gives a picture of the user experiences when using the software. Also, it helps identify any defects after an upgrade. However, I feel the three testing techniques would not be enough for software that needs a high level of security. Hence, I would perform static and dynamic testing because they would enhance the identification of errors and defects before and after coding.

Reference

Rungta, K. (n.d.). What is WHITE box testing? Techniques, example & types. Meet Guru99 – Free Training Tutorials & Video for IT Courses. https://www.guru99.com/white-box-testing.html

Reply to Matthew Neale

Hello Matthew,

I applaud you for systematically approaching the task, mainly by briefly introducing why security is critical. However, I slightly disagree with you that a code is created during the implementation stage. By the time-integrated information systems or the design are implemented, the code has already been created. Coding is generated and created at the system design stage (Stice-Hall, 2021). Nevertheless, I strongly agree with you that security should not be tested during the testing stage only. It starts from the beginning of the process, as Stice-Hall (2021) posits. Additionally, I find your explanations on when you would implement the three boxes tests interesting as you have extensively elaborated your reasons, which makes one understand easily. Although your discussion may seem long and complex for a knowledgeable audience, you have systematically articulated your points with valid reasons and reasoning, which is recommendable. 

Reference

Stice-Hall, K. (2021, April 21). Secure software development lifecycle. Digital Maelstrom. https://www.digitalmaelstrom.net/it-security-services/secure-software-development-lifecycle-ssdlc/