White-Box Testing

White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing)
is a method of testing software that tests internal structures or
workings of an application, as opposed to its functionality (i.e. black-box testing).
In white-box testing an internal perspective of the system, as well as
programming skills, are required and used to design test cases. The
tester chooses inputs to exercise paths through the code and determine
the appropriate outputs. This is analogous to testing nodes in a
circuit, e.g. in-circuit testing (ICT).

While white-box testing can be applied at the unit, integration and system levels of the software testing
process, it is usually done at the unit level. It can test paths within
a unit, paths between units during integration, and between subsystems
during a system level test. Though this method of test design can
uncover many errors or problems, it might not detect unimplemented parts
of the specification or missing requirements.

White-box test design techniques include:

  • Control flow testing
  • Data flow testing
  • Branch testing
  • Path testing

Hacking

In penetration testing, white-box testing refers to a methodology where an ethical hacker
has full knowledge of the system being attacked. The goal of a
white-box penetration test is to simulate a malicious insider who has
some knowledge and possibly basic credentials to the target system.

Source: wikipedia.org

Wiretapping

Telephone tapping (also wire tapping or wiretapping in American English) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The wire tap received its name because, historically, the monitoring connection was an actual electrical tap on the telephone line. Legal wiretapping by a government agency is also called lawful interception. Passive wiretapping monitors or records the traffic, while active wiretapping alters or otherwise affects it.

 

Internet

In 1995, Peter Garza, a Special Agent with the Naval Criminal Investigative Service, conducted the first court-ordered Internet wiretap in the United States while investigating Julio Cesar Ardita (“El Griton“).

As technologies emerge, including VoIP, new questions are raised about law enforcement access to communications (see VoIP recording). In 2004, the Federal Communications Commission was asked to clarify how the Communications Assistance for Law Enforcement Act (CALEA) related to Internet service providers. The FCC stated that “providers of broadband Internet access and voice over Internet protocol (“VoIP”) services are regulable as “telecommunications carriers” under the Act.”[10] Those affected by the Act will have to provide access to law enforcement officers who need to monitor or intercept communications transmitted through their networks. As of 2009, warrantless surveillance of internet activity has consistently been upheld in FISA court.[11]

The Internet Engineering Task Force has decided not to consider requirements for wiretapping as part of the process for creating and maintaining IETF standards.[12]

Typically, illegal Internet wiretapping will be conducted via Wi-Fi connection to someone’s internet by cracking the WEP or WPA key, using a tool such as Aircrack-ng or Kismet. Once in, the intruder will rely on a number of potential tactics, for example an ARP spoofing attack which will allow the intruder to view packets in a tool such as Wireshark or Ettercap.

One issue that Internet wiretapping is yet to overcome is that of steganography, whereby a user encodes, or “hides”, one file inside another (usually a larger, dense file like a MP3 or JPEG image). With modern advancements in encoding technologies, the resulting combined file is essentially indistinguishable to anyone attempting to view it, unless they have the necessary protocol to extract the hidden file.[13][14] US News reported that this technique was commonly used by Osama bin Laden as a way to communicate with his terrorist cells.

 

Source: wikipedia.org