Blackboard performs continuous internal security testing at the code-level (static analysis) and application-level (dynamic analysis) to ensure it meets both Blackboard and our customer's expectations. Furthermore, to regularly get fresh eyes on the application, Blackboard obtains security penetration testing from third party security vendors. Any identified issues are quickly slated for repair.
Static application security testing
Blackboard leverages open source and commercial static analysis scanners to assess Blackboard Learn source code continuously. These tools allow Blackboard to identify potential vulnerabilities in the source code as the system evolves through integration with build environments. Blackboard couples automated source code analysis for security vulnerabilities with manual code reviews.
Dynamic application security testing
Blackboard leverages open source and commercial dynamic analysis scanners to assess the Blackboard Learn application continuously. The automated security scanners test for common web application vulnerabilities from the viewpoint of an end user.
Manual penetration testing
Static and Dynamic Application Security Tools cannot detect all security issues. To further mitigate security risk, Blackboard performs manual penetration testing to identify more complex security vulnerabilities and business logic issues such as improper authorization.