Sunday, August 27, 2006

White Box security testing

Interesting article on white box security testing and automated testing tools at Dr. Dobb's Portal.

"Whitebox testing is notoriously difficult to do. Without automatic code scanning tools, scanning the source code requires a keen eye, concentration and an enormous amount of time to scan each line for security vulnerabilities. As intruders become more sophisticated at finding security vulnerabilities and writing exploitative code, it becomes more necessary to take every precaution before shipping software. These precautions can range from security training throughout the security development lifecycle (SDLC) to using tools such as source code scanners and vulnerability scanners."

The article covers:

Introduction
State of the Field
Security Exposure
Benefits
Limitations
When to Use Static Analysis Tools
Good Attributes to Watch Out For


