Simulating black box test results using information from white box testing

What is claimed is: 1. A system, comprising: a white box tester that statically analyzes computer software to identify a plurality of milestones, including a first milestone, associated with a potential vulnerability within the computer software, wherein each of the milestones indicates a location of a method call of a source code statement within the computer software at which a data item can be accessed and modified and wherein the first milestone indicates a first source code location within the computer software at which the data item can be accessed and modified without validation, resulting in the potential vulnerability; an entry point tracer that identifies one or more entry points into the computer software associated with the potential vulnerability by tracing paths from the source code statement of the first milestone, wherein each entry point provides a method location where an interface of the computer software is exposed to receive input external to the computer software; an input analyzer that identifies one or more HTTP request parameter inputs to at least a first one of the one or more entry points that results in a control flow from the first entry point to the first milestone; and a black box simulator that: automatically identifies, from a consultation of an Extensible Markup Language (XML) configuration file for a web server executing the computer software, a uniform resource locator (URL) of a class representing the computer software having the potential vulnerability based on the first entry point and the one or more identified HTTP request parameter inputs; and presents a simulated black box test result for the computer software by generating a description of the potential vulnerability indicating the identified URL exposing the potential vulnerability, and one or more of the identified HTTP request parameter inputs that have not been validated. 2. The system of claim 1 wherein the entry point tracer is configured to construct a call graph of method invocations within the computer software and utilize the call graph to trace the path. 3. The system of claim 1 wherein the input analyzer is configured to analyze each of the milestones to identify any constraints the milestone places on the input in order to allow the control flow to reach first the milestone given the input. 4. The system of claim 1 wherein the computer software is an application. 5. A computer program product, comprising: a non-transitory computer-readable storage medium; and computer-readable program code embodied in the computer-readable storage medium, wherein the computer-readable program code: statically analyzes computer software to identify a plurality of milestones, including a first milestone, associated with a potential vulnerability within the computer software, wherein each of the milestones indicates a respective location of a method call within a respective source code statement of the computer software which accesses a data variable associated with the potential vulnerability and the first milestone indicates a first source code location of the method call within the computer software which allows the data variable to be accessed and modified without validation, resulting in the potential vulnerability, identifies one or more entry points into the computer software associated with the potential vulnerability by tracing paths from the source code statement associated with the first milestone, wherein each entry point is a location where an interface of the computer software is exposed to receive input to the computer software from a source that is external to the computer software, identifies one or more HTTP request parameter inputs to at least a first one of the one or more entry points that results in a control flow from the first entry point to the first milestone, automatically identifies, from a consultation of an Extensible Markup Language (XML) configuration file for a web server executing the computer software, a uniform resource locator (URL) of a class representing the computer software having the potential vulnerability based on the first entry point and the one or more HTTP request parameter inputs, and presents a simulated black box test result detailing, for the computer software, a description of the potential vulnerability, the identified URL exposing the potential vulnerability, and one or more of the identified HTTP request parameter inputs that have not been validated. 6. The computer program product of claim 5 , wherein the computer-readable program code is configured to construct a call graph of method invocations within the computer software and utilizing the call graph to trace the path. 7. The computer program product of claim 5 , wherein the computer-readable program code is configured to analyze each of the milestones to identify any constraints the milestone places on the input in order to allow the control flow to reach the first milestone given the input. 8. The computer program product of claim 5 wherein the computer software is an application.