Simulating black box test results using information from white box testing

  • US 9,720,798 B2
  • Filed: 06/11/2012
  • Issued: 08/01/2017
  • Est. Priority Date: 10/27/2010
  • Status: Active Grant
First Claim
1. A method, comprising:

  • statically analyzing computer software and identifying a plurality of milestones, including a first milestone, associated with a potential vulnerability within the computer software, wherein the first milestone indicates a location of a method call, within the source code of the computer software, having the potential vulnerability and a data variable referenced in a source code statement, wherein the potential vulnerability allows the data variable to be accessed by the source code statement without validation;

  • identifying one or more entry points into the computer software associated with the potential vulnerability by tracing paths from the first milestone, wherein each entry point provides a method location where an interface of the computer software is exposed to receive input external to the computer software;

  • identifying one or more HTTP request parameter inputs to at least a first one of the one or more entry points that results in a control flow from the first entry point to the first milestone;

  • automatically identifying, from a consultation of an Extensible Markup Language (XML) configuration file for a web server executing the computer software, a uniform resource locator (URL) of a class representing the computer software having the potential vulnerability based on the first entry point and the one or more identified HTTP request parameter inputs; and

  • presenting a simulated black box test result via a computer-controlled output medium detailing, for the computer software, a description of the potential vulnerability, the identified URL exposing the potential vulnerability, and one or more of the identified HTTP request parameter inputs that have not been validated.
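The five steps of the claim, carried through end to end as an added example (this is not code from the patent or its assignee). The program under analysis is a constructed toy intermediate representation rather than real Java source, the `web.xml` fragment and the `com.example.*` class names are invented for the demonstration, and the "validate" statement stands in for whatever sanitization the real analyzer would recognize. The example goes slightly beyond the claim text by showing the negative case as well: a request parameter that is validated before it reaches the sink is dropped from the simulated result.

```python
"""Simulated black-box findings derived from white-box (static) analysis.

Added example; the program model and web.xml below are constructed, not real.
"""
import xml.etree.ElementTree as ET
from collections import deque
from dataclasses import dataclass

# Constructed web.xml: the XML configuration that maps a servlet class to its URL.
WEB_XML = """<web-app>
  <servlet>
    <servlet-name>search</servlet-name>
    <servlet-class>com.example.SearchServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>search</servlet-name>
    <url-pattern>/search</url-pattern>
  </servlet-mapping>
</web-app>"""

# Constructed toy IR of the analyzed program. Statement forms:
#   ("getParameter", param, dst)   dst = request.getParameter(param)
#   ("assign", dst, src)           dst = src
#   ("append", dst, src)           dst = dst + src
#   ("validate", var)              var is validated/sanitized at this point
#   ("call", callee, [args])       call with actual argument variables
#   ("sink", api, var)             api consumes var: a potential vulnerability
PROGRAM = {
    "com.example.SearchServlet.doGet": {"params": [], "body": [
        ("getParameter", "q", "query"),
        ("getParameter", "page", "page"),
        ("validate", "page"),
        ("call", "com.example.SearchService.lookup", ["query", "page"]),
    ]},
    "com.example.SearchService.lookup": {"params": ["term", "pageNo"], "body": [
        ("assign", "sql", "term"),
        ("append", "sql", "pageNo"),
        ("call", "com.example.Dao.find", ["sql"]),
    ]},
    "com.example.Dao.find": {"params": ["stmt"], "body": [
        ("sink", "Statement.executeQuery", "stmt"),
    ]},
}
ENTRY_METHODS = {"doGet", "doPost"}  # handler methods exposed to external input
SINK_DESCRIPTIONS = {"Statement.executeQuery": "SQL injection"}


@dataclass(frozen=True)
class Milestone:
    method: str    # method containing the sink call
    index: int     # statement position; stands in for a source line number
    sink: str
    variable: str  # data variable referenced by the sink statement


def find_milestones(program):
    """Step 1: locate every sink call and the variable it consumes."""
    return [Milestone(m, i, s[1], s[2])
            for m, info in program.items()
            for i, s in enumerate(info["body"]) if s[0] == "sink"]


def find_entry_points(program, milestone):
    """Step 2: trace callers backwards from the milestone to exposed handlers."""
    callers = {m: [] for m in program}
    for m, info in program.items():
        for s in info["body"]:
            if s[0] == "call":
                callers[s[1]].append(m)
    seen, queue, entries = {milestone.method}, deque([milestone.method]), []
    while queue:
        m = queue.popleft()
        if m.rsplit(".", 1)[1] in ENTRY_METHODS:
            entries.append(m)
        for c in callers[m]:
            if c not in seen:
                seen.add(c)
                queue.append(c)
    return entries


def tainted_params(program, method, taint, milestone):
    """Step 3: which request parameters reach the milestone variable without
    validation when `method` runs with `taint` (local var -> parameter names)."""
    taint, found = dict(taint), set()
    for i, s in enumerate(program[method]["body"]):
        kind = s[0]
        if kind == "getParameter":
            taint[s[2]] = {s[1]}
        elif kind == "assign":
            taint[s[1]] = set(taint.get(s[2], set()))
        elif kind == "append":
            taint[s[1]] = taint.get(s[1], set()) | taint.get(s[2], set())
        elif kind == "validate":
            taint.pop(s[1], None)  # validated data is no longer reported
        elif kind == "call":
            formals = program[s[1]]["params"]
            inner = {f: taint[a] for f, a in zip(formals, s[2]) if a in taint}
            found |= tainted_params(program, s[1], inner, milestone)
        elif kind == "sink" and (method, i) == (milestone.method, milestone.index):
            found |= taint.get(s[2], set())
    return found


def url_for_class(web_xml, cls):
    """Step 4: resolve the servlet class to its URL via the web.xml mappings."""
    root = ET.fromstring(web_xml)
    name_of = {s.findtext("servlet-class"): s.findtext("servlet-name")
               for s in root.iter("servlet")}
    url_of = {m.findtext("servlet-name"): m.findtext("url-pattern")
              for m in root.iter("servlet-mapping")}
    return url_of.get(name_of.get(cls))


def simulate_black_box_results(program=PROGRAM, web_xml=WEB_XML):
    """Step 5: present each finding the way a black-box scanner would report it."""
    results = []
    for ms in find_milestones(program):
        for entry in find_entry_points(program, ms):
            params = tainted_params(program, entry, {}, ms)
            if params:
                results.append({
                    "vulnerability": SINK_DESCRIPTIONS.get(ms.sink, ms.sink),
                    "url": url_for_class(web_xml, entry.rsplit(".", 1)[0]),
                    "entry_point": entry,
                    "sink": f"{ms.method} stmt {ms.index} ({ms.sink} on {ms.variable})",
                    "unvalidated_parameters": sorted(params),
                })
    return results


if __name__ == "__main__":
    for finding in simulate_black_box_results():
        print(finding)
```

Run stand-alone, the script reports one finding: SQL injection reachable at `/search` through the `q` parameter, while `page` is absent from the result because the toy program validates it before the call chain reaches the sink. The interesting design point is that the URL comes from the deployment descriptor, not from the code: the static analysis alone knows only the class and method, and consulting the XML configuration is what turns a white-box finding into the URL-plus-parameter form a black-box scanner would have produced.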

  • 2 Assignments