The figure provides a graphic depiction of the security testing process.
This same process applies at all levels of testing, from unit testing to systems
testing. The use of this document does not require subscribing to a specific
testing process or methodology. Readers are urged to fit the activities
described here into the process followed within their organization.
The general outline of the white box testing process is as follows:
Perform risk analysis to guide the whole testing process.
Develop a test strategy that defines what testing activities are
needed to accomplish testing goals.
Develop a detailed test plan that organizes the subsequent testing
process.
Prepare the test environment for test execution.
Execute test cases and communicate results.
Prepare a report.
In addition to the general activities described above, the process diagram
introduces review cycles, reporting mechanisms, deliverables, and
responsibilities.