924:
techniques are the building blocks of white-box testing, whose essence is the careful testing of the application at the source code level to reduce hidden errors later on. These different techniques exercise every visible path of the source code to minimize errors and create an error-free environment. The whole point of white-box testing is the ability to know which line of the code is being executed and being able to identify what the correct output should be.
1096:
abstraction. The real point is that tests are usually designed from an abstract structure such as the input space, a graph, or logical predicates, and the question is what level of abstraction we derive that abstract structure from. That can be the source code, requirements, input space descriptions, or one of dozens of types of design models. Therefore, the "white-box / black-box" distinction is less important and the terms are less relevant.
936:. White-box testing is done during unit testing to ensure that the code is working as intended, before integration happens with previously tested code. White-box testing during unit testing potentially catches many defects early on and aids in addressing defects that happen later on after the code is integrated with the rest of the application and therefore reduces the impacts of errors later in development.
133:
942:. White-box testing at this level is written to test the interactions of interfaces with each other. The unit level testing made sure that each code was tested and working accordingly in an isolated environment and integration examines the correctness of the behaviour in an open environment through the use of white-box testing for any interactions of interfaces that are known to the programmer.
1010:
25:
1075:
The code under test could be rewritten to implement the same functionality in a different way that invalidates the assumptions baked into the test. This could result in tests that fail unnecessarily or, in the worst case, tests that now give false positives and mask errors in the code. The white-box
1071:
White-box tests are written to test the details of a specific implementation. This means that the tests will fail when the implementation changes as the test is tightly coupled to the implementation. Additional work has to be done to update the tests so they match the implementation again when it is
957:
White-box testing's basic procedures require the tester to have an in-depth knowledge of the source code being tested. The programmer must have a deep understanding of the application to know what kinds of test cases to create so that every visible path is exercised for testing. Once the source code
1112:
has full knowledge of the system being attacked. The goal of a white-box penetration test is to simulate a malicious insider who has knowledge of and possibly basic credentials for the target system. For such a penetration test, administrative credentials are typically provided in order to analyse
1079:
White-box testing brings complexity to testing because the tester must have knowledge of the program, or the test team needs to have at least one very good programmer who can understand the program at the code level. White-box testing requires a programmer with a high level of knowledge due to the
1095:
A more modern view is that the dichotomy between white-box testing and black-box testing has blurred and is becoming less relevant. Whereas "white-box" originally meant using the source code, and black-box meant using requirements, tests are now derived from many documents at various levels of
923:
testing, data flow testing, branch testing, path testing, statement coverage and decision coverage as well as modified condition/decision coverage. White-box testing is the use of these techniques as guidelines to create an error-free environment by examining all code. These white-box testing
860:
levels of the software testing process. Although traditional testers tended to think of white-box testing as being done at the unit level, it is used for integration and system testing more frequently today. It can test paths within a unit, paths between units during integration, and between
861:
subsystems during a system–level test. Though this method of test design can uncover many errors or problems, it has the potential to miss unimplemented parts of the specification or missing requirements. Where white-box testing is design-driven, that is, driven
966:
Processing involves performing risk analysis to guide whole testing process, proper test plan, execute test cases and communicate results. This is the phase of building test cases to make sure they thoroughly test the application the given results are recorded
844:). In white-box testing, an internal perspective of the system is used to design test cases. The tester chooses inputs to exercise paths through the code and determine the expected outputs. This is analogous to testing nodes in a circuit, e.g.
962:
Input involves different types of requirements, functional specifications, detailed designing of documents, proper source code and security specifications. This is the preparation stage of white-box testing to lay out all of the basic
1072:
changed. On the other hand with black-box testing, tests are independent of the implementation, and so they will still run successfully if the implementation changes but the output or side-effects of the implementation do not.
1113:
how or which attacks can impact high-privileged accounts. Source code can be made available to be used as a reference for the tester. When the code is a target of its own, this is not (only) a penetration test but a
804:
919:
White-box testing is a method of testing the application at the level of the source code. These test cases are derived through the use of the design techniques mentioned above:
758:
1329:
958:
is understood then it can be analyzed for test cases to be created. The following are the three basic steps that white-box testing takes in order to create test cases:
1076:
test never was written such that it tests the intended behavior of the code under test, but instead only such that the specific implementation does what it does.
725:
1439:
989:
Provides traceability of tests from the source, thereby allowing future changes to the source to be easily captured in the newly added or modified tests.
797:
1083:
On some occasions, it is not realistic to be able to test every single existing condition of the application and some conditions will be untested.
567:
715:
1281:
790:
690:
431:
902:
710:
1196:
748:
257:
1031:
948:. White-box testing during regression testing is the use of recycled white-box test cases at the unit and integration testing levels.
657:
421:
42:
1313:
1245:
1057:
524:
108:
1689:
647:
642:
398:
190:
89:
776:
61:
1432:
1035:
667:
380:
360:
46:
577:
466:
456:
406:
68:
1714:
1653:
753:
481:
446:
297:
225:
572:
544:
1020:
1200:
695:
539:
426:
416:
355:
75:
1039:
1024:
35:
1750:
1745:
1658:
1425:
461:
441:
1699:
1648:
1618:
1560:
602:
471:
451:
57:
730:
612:
491:
365:
250:
873:
processes), white-box test techniques can accomplish assessment for unimplemented or missing requirements.
1136:
672:
582:
534:
476:
178:
1578:
1573:
1157:
529:
496:
312:
302:
202:
1159:
NASA/CR–2003-212806 Certification
Processes for Safety-Critical and Mission-Critical Aerospace Software
1623:
1613:
1166:
592:
436:
370:
337:
317:
278:
233:
214:
840:
that tests internal structures or workings of an application, as opposed to its functionality (i.e.
1608:
1603:
1593:
1537:
1482:
1472:
939:
853:
587:
506:
332:
229:
186:
1347:
970:
Output involves preparing final report that encompasses all of the above preparations and results.
1663:
1638:
1598:
1588:
1532:
945:
705:
243:
986:
Gives the programmer introspection because developers carefully describe any new implementation.
82:
1673:
1467:
1462:
1309:
1277:
1241:
1126:
1086:
The tests focus on the software as it exists, and missing functionality may not be discovered.
841:
161:
1643:
1628:
1583:
1509:
1494:
1487:
1448:
1396:
1131:
1109:
1105:
837:
662:
625:
607:
597:
322:
198:
1668:
980:
Side effects of having the knowledge of the source code is beneficial to thorough testing.
845:
549:
501:
385:
307:
865:
by agreed specifications of how each component of software is required to behave (as in
1719:
1694:
1633:
1542:
1514:
1297:
857:
221:
149:
1739:
1405:
1395:
BCS SIGIST (British
Computer Society Specialist Interest Group in Software Testing):
1302:
1234:
877:
292:
1411:
1709:
1704:
1547:
1477:
933:
920:
884:
849:
375:
1724:
1568:
1504:
1267:
1009:
182:
165:
132:
24:
1370:
1114:
870:
327:
145:
124:
983:
Optimization of code becomes easy as inconspicuous bottlenecks are exposed.
1271:
700:
652:
637:
632:
1207:
866:
411:
1417:
1408:
has more information on control flow testing and data flow testing.
486:
995:
Provides clear, engineering-based rules for when to stop testing.
720:
1421:
1003:
18:
1371:"What is Code Audit: Understanding its Purpose and Process"
1397:
http://www.testingstandards.co.uk/Component%20Testing.pdf
1175:
testing where engineers examine internal workings of code
1080:
complexity of the level of testing that needs to be done.
876:
White-box test design techniques include the following
1682:
1556:
1525:
1455:
208:
172:
155:
139:
123:
49:. Unsourced material may be challenged and removed.
1406:http://agile.csc.ncsu.edu/SEMaterials/WhiteBox.pdf
1301:
1233:
1412:http://research.microsoft.com/en-us/projects/pex/
1335:. Federal Office for Information Security (BSI).
16:Method of software testing of internal structure
1108:, white-box testing refers to a method where a
848:(ICT). White-box testing can be applied at the
1433:
798:
251:
8:
1261:
1259:
1257:
1038:. Unsourced material may be challenged and
1440:
1426:
1418:
1414:Pex – Automated white-box testing for .NET
805:
791:
269:
258:
244:
1240:. Addison-Wesley Publishing Company Inc.
1058:Learn how and when to remove this message
109:Learn how and when to remove this message
1400:Standard for Software Component Testing
1191:
1189:
1187:
1185:
1183:
1148:
277:
759:Electrical and electronics engineering
120:
1402:], Working Draft 3.4, 27. April 2001.
7:
1206:. pp. 60–61, 69. Archived from
1036:adding citations to reliable sources
903:Modified condition/decision coverage
47:adding citations to reliable sources
14:
1350:. Blaze Information Security GmbH
685:Standards and bodies of knowledge
1690:Graphical user interface testing
1273:Introduction to Software Testing
1008:
131:
23:
1236:Testing Object-oriented Systems
777:Outline of software development
34:needs additional citations for
1348:"Types of penetration testing"
1276:. Cambridge University Press.
1:
1330:"A Penetration Testing Model"
1715:Software reliability testing
1654:Software performance testing
1304:The Art of Software Testing
1767:
1557:Testing types, techniques,
1156:Stacy Nelson (June 2003),
1115:source code security audit
540:Software quality assurance
239:
213:
177:
160:
144:
130:
1700:Orthogonal array testing
1649:Smoke testing (software)
1619:Dynamic program analysis
525:Configuration management
1308:. John Wiley and Sons.
830:transparent box testing
749:Artificial intelligence
1137:White-box cryptography
1117:(or security review).
673:Infrastructure as code
519:Supporting disciplines
156:Methods and techniques
1579:Compatibility testing
530:Deployment management
234:Thermodynamic systems
203:System identification
1624:Installation testing
1614:Differential testing
1232:Binder, Bob (2000).
1167:Ames Research Center
1032:improve this section
350:Paradigms and models
279:Software development
43:improve this article
1609:Development testing
1604:Destructive testing
1594:Conformance testing
1538:Integration testing
1483:Model-based testing
1473:Exploratory testing
1201:"White-Box Testing"
1171:White Box Testing:
1106:penetration testing
940:Integration testing
273:Part of a series on
230:Operations research
187:Pattern recognition
58:"White-box testing"
1664:Symbolic execution
1639:Regression testing
1599:Continuous testing
1589:Concurrent testing
1533:Acceptance testing
1456:The "box" approach
946:Regression testing
907:Prime path testing
896:Statement coverage
846:in-circuit testing
834:structural testing
668:Release automation
545:Project management
173:Related techniques
1733:
1732:
1674:Usability testing
1500:White-box testing
1468:All-pairs testing
1463:Black-box testing
1373:. 17 Web Dev, LLC
1369:Sullivan, James.
1283:978-0-521-88038-1
1127:Black-box testing
1068:
1067:
1060:
992:Easy to automate.
899:Decision coverage
890:Data flow testing
842:black-box testing
836:) is a method of
826:glass box testing
822:clear box testing
818:White-box testing
815:
814:
706:ISO/IEC standards
268:
267:
195:White-box testing
162:Black-box testing
125:Black box systems
119:
118:
111:
93:
1758:
1751:Hardware testing
1746:Software testing
1644:Security testing
1629:Negative testing
1584:Concolic testing
1510:Mutation testing
1495:Grey-box testing
1488:Scenario testing
1449:Software testing
1442:
1435:
1428:
1419:
1383:
1382:
1380:
1378:
1366:
1360:
1359:
1357:
1355:
1346:Baran, Ewelina.
1343:
1337:
1336:
1334:
1326:
1320:
1319:
1307:
1294:
1288:
1287:
1263:
1252:
1251:
1239:
1229:
1223:
1222:
1220:
1218:
1212:
1205:
1197:Williams, Laurie
1193:
1178:
1177:
1164:
1153:
1132:Gray-box testing
1110:white hat hacker
1063:
1056:
1052:
1049:
1043:
1012:
1004:
838:software testing
807:
800:
793:
754:Computer science
663:Build automation
270:
260:
253:
246:
199:Gray-box testing
135:
121:
114:
107:
103:
100:
94:
92:
51:
27:
19:
1766:
1765:
1761:
1760:
1759:
1757:
1756:
1755:
1736:
1735:
1734:
1729:
1678:
1669:Test automation
1558:
1552:
1521:
1451:
1446:
1392:
1387:
1386:
1376:
1374:
1368:
1367:
1363:
1353:
1351:
1345:
1344:
1340:
1332:
1328:
1327:
1323:
1316:
1298:Myers, Glenford
1296:
1295:
1291:
1284:
1265:
1264:
1255:
1248:
1231:
1230:
1226:
1216:
1214:
1213:on 3 March 2016
1210:
1203:
1195:
1194:
1181:
1162:
1155:
1154:
1150:
1145:
1123:
1102:
1093:
1064:
1053:
1047:
1044:
1029:
1013:
1002:
977:
955:
953:Basic procedure
930:
917:
820:(also known as
811:
782:
781:
772:
764:
763:
744:
736:
735:
686:
678:
677:
628:
618:
617:
563:
555:
554:
550:User experience
520:
512:
511:
402:
391:
390:
351:
343:
342:
288:
287:Core activities
264:
222:Control systems
168:
115:
104:
98:
95:
52:
50:
40:
28:
17:
12:
11:
5:
1764:
1762:
1754:
1753:
1748:
1738:
1737:
1731:
1730:
1728:
1727:
1722:
1720:Stress testing
1717:
1712:
1707:
1702:
1697:
1695:Manual testing
1692:
1686:
1684:
1680:
1679:
1677:
1676:
1671:
1666:
1661:
1659:Stress testing
1656:
1651:
1646:
1641:
1636:
1634:Random testing
1631:
1626:
1621:
1616:
1611:
1606:
1601:
1596:
1591:
1586:
1581:
1576:
1571:
1565:
1563:
1554:
1553:
1551:
1550:
1545:
1543:System testing
1540:
1535:
1529:
1527:
1526:Testing levels
1523:
1522:
1520:
1519:
1518:
1517:
1515:Static testing
1512:
1507:
1497:
1492:
1491:
1490:
1485:
1480:
1475:
1470:
1459:
1457:
1453:
1452:
1447:
1445:
1444:
1437:
1430:
1422:
1416:
1415:
1409:
1403:
1391:
1390:External links
1388:
1385:
1384:
1361:
1338:
1321:
1314:
1289:
1282:
1266:Ammann, Paul;
1253:
1246:
1224:
1179:
1169:, p. 25,
1147:
1146:
1144:
1141:
1140:
1139:
1134:
1129:
1122:
1119:
1101:
1098:
1092:
1089:
1088:
1087:
1084:
1081:
1077:
1073:
1066:
1065:
1016:
1014:
1007:
1001:
998:
997:
996:
993:
990:
987:
984:
981:
976:
973:
972:
971:
968:
964:
954:
951:
950:
949:
943:
937:
929:
926:
916:
913:
912:
911:
908:
905:
900:
897:
894:
893:Branch testing
891:
888:
813:
812:
810:
809:
802:
795:
787:
784:
783:
780:
779:
773:
770:
769:
766:
765:
762:
761:
756:
751:
745:
742:
741:
738:
737:
734:
733:
728:
723:
718:
713:
708:
703:
698:
696:IEEE standards
693:
687:
684:
683:
680:
679:
676:
675:
670:
665:
660:
655:
650:
645:
640:
635:
629:
624:
623:
620:
619:
616:
615:
610:
605:
600:
595:
590:
585:
580:
575:
570:
564:
561:
560:
557:
556:
553:
552:
547:
542:
537:
532:
527:
521:
518:
517:
514:
513:
510:
509:
504:
499:
494:
489:
484:
479:
474:
469:
464:
459:
454:
449:
444:
439:
434:
429:
424:
419:
414:
409:
403:
401:and frameworks
397:
396:
393:
392:
389:
388:
383:
378:
373:
368:
363:
358:
352:
349:
348:
345:
344:
341:
340:
335:
330:
325:
320:
315:
310:
305:
300:
295:
289:
286:
285:
282:
281:
275:
274:
266:
265:
263:
262:
255:
248:
240:
237:
236:
211:
210:
206:
205:
175:
174:
170:
169:
158:
157:
153:
152:
150:Oracle machine
142:
141:
137:
136:
128:
127:
117:
116:
31:
29:
22:
15:
13:
10:
9:
6:
4:
3:
2:
1763:
1752:
1749:
1747:
1744:
1743:
1741:
1726:
1723:
1721:
1718:
1716:
1713:
1711:
1708:
1706:
1703:
1701:
1698:
1696:
1693:
1691:
1688:
1687:
1685:
1681:
1675:
1672:
1670:
1667:
1665:
1662:
1660:
1657:
1655:
1652:
1650:
1647:
1645:
1642:
1640:
1637:
1635:
1632:
1630:
1627:
1625:
1622:
1620:
1617:
1615:
1612:
1610:
1607:
1605:
1602:
1600:
1597:
1595:
1592:
1590:
1587:
1585:
1582:
1580:
1577:
1575:
1572:
1570:
1567:
1566:
1564:
1562:
1555:
1549:
1546:
1544:
1541:
1539:
1536:
1534:
1531:
1530:
1528:
1524:
1516:
1513:
1511:
1508:
1506:
1503:
1502:
1501:
1498:
1496:
1493:
1489:
1486:
1484:
1481:
1479:
1476:
1474:
1471:
1469:
1466:
1465:
1464:
1461:
1460:
1458:
1454:
1450:
1443:
1438:
1436:
1431:
1429:
1424:
1423:
1420:
1413:
1410:
1407:
1404:
1401:
1398:
1394:
1393:
1389:
1372:
1365:
1362:
1349:
1342:
1339:
1331:
1325:
1322:
1317:
1315:9780471043287
1311:
1306:
1305:
1299:
1293:
1290:
1285:
1279:
1275:
1274:
1269:
1262:
1260:
1258:
1254:
1249:
1247:9780201809381
1243:
1238:
1237:
1228:
1225:
1209:
1202:
1198:
1192:
1190:
1188:
1186:
1184:
1180:
1176:
1174:
1173:Design-driven
1168:
1161:
1160:
1152:
1149:
1142:
1138:
1135:
1133:
1130:
1128:
1125:
1124:
1120:
1118:
1116:
1111:
1107:
1099:
1097:
1090:
1085:
1082:
1078:
1074:
1070:
1069:
1062:
1059:
1051:
1041:
1037:
1033:
1027:
1026:
1022:
1017:This section
1015:
1011:
1006:
1005:
1000:Disadvantages
999:
994:
991:
988:
985:
982:
979:
978:
974:
969:
965:
961:
960:
959:
952:
947:
944:
941:
938:
935:
932:
931:
927:
925:
922:
914:
909:
906:
904:
901:
898:
895:
892:
889:
886:
883:
882:
881:
879:
878:code coverage
874:
872:
868:
864:
859:
855:
851:
847:
843:
839:
835:
831:
827:
823:
819:
808:
803:
801:
796:
794:
789:
788:
786:
785:
778:
775:
774:
768:
767:
760:
757:
755:
752:
750:
747:
746:
740:
739:
732:
729:
727:
724:
722:
719:
717:
714:
712:
709:
707:
704:
702:
699:
697:
694:
692:
689:
688:
682:
681:
674:
671:
669:
666:
664:
661:
659:
656:
654:
651:
649:
646:
644:
641:
639:
636:
634:
631:
630:
627:
622:
621:
614:
611:
609:
606:
604:
601:
599:
596:
594:
591:
589:
586:
584:
581:
579:
576:
574:
571:
569:
566:
565:
559:
558:
551:
548:
546:
543:
541:
538:
536:
535:Documentation
533:
531:
528:
526:
523:
522:
516:
515:
508:
505:
503:
500:
498:
495:
493:
490:
488:
485:
483:
480:
478:
475:
473:
470:
468:
465:
463:
460:
458:
455:
453:
450:
448:
445:
443:
440:
438:
435:
433:
430:
428:
425:
423:
420:
418:
415:
413:
410:
408:
405:
404:
400:
399:Methodologies
395:
394:
387:
384:
382:
379:
377:
374:
372:
369:
367:
364:
362:
359:
357:
354:
353:
347:
346:
339:
336:
334:
331:
329:
326:
324:
321:
319:
316:
314:
311:
309:
306:
304:
301:
299:
296:
294:
293:Data modeling
291:
290:
284:
283:
280:
276:
272:
271:
261:
256:
254:
249:
247:
242:
241:
238:
235:
231:
227:
223:
219:
217:
212:
207:
204:
200:
196:
192:
188:
184:
180:
176:
171:
167:
163:
159:
154:
151:
147:
143:
138:
134:
129:
126:
122:
113:
110:
102:
99:February 2013
91:
88:
84:
81:
77:
74:
70:
67:
63:
60: –
59:
55:
54:Find sources:
48:
44:
38:
37:
32:This article
30:
26:
21:
20:
1710:Soak testing
1705:Pair testing
1548:Unit testing
1499:
1478:Fuzz testing
1399:
1377:12 September
1375:. Retrieved
1364:
1354:12 September
1352:. Retrieved
1341:
1324:
1303:
1292:
1272:
1268:Offutt, Jeff
1235:
1227:
1215:. Retrieved
1208:the original
1172:
1170:
1158:
1151:
1103:
1094:
1054:
1045:
1030:Please help
1018:
967:accordingly.
963:information.
956:
934:Unit testing
921:control flow
918:
910:Path testing
885:Control flow
875:
862:
833:
829:
825:
821:
817:
816:
653:UML Modeling
648:GUI designer
313:Construction
303:Requirements
226:Open systems
215:
209:Fundamentals
194:
179:Feed forward
105:
96:
86:
79:
72:
65:
53:
41:Please help
36:verification
33:
1725:Web testing
1569:A/B testing
1505:API testing
1217:13 February
1091:Modern view
863:exclusively
854:integration
371:Prototyping
366:Incremental
338:Maintenance
318:Engineering
218:information
183:Obfuscation
166:Blackboxing
1740:Categories
1143:References
975:Advantages
880:criteria:
743:Glossaries
333:Deployment
69:newspapers
1574:Benchmark
1048:July 2023
1019:does not
871:ISO 26262
562:Practices
386:Waterfall
361:Cleanroom
328:Debugging
298:Processes
191:White box
146:Black box
1683:See also
1300:(1979).
1270:(2008).
1121:See also
915:Overview
771:Outlines
701:ISO 9001
643:Profiler
638:Debugger
633:Compiler
608:Stand-up
216:A priori
1561:tactics
1100:Hacking
1040:removed
1025:sources
887:testing
867:DO-178C
442:Lean SD
381:V model
323:Testing
83:scholar
1312:
1280:
1244:
928:Levels
858:system
832:, and
716:SWEBOK
437:Kanban
412:DevOps
376:Spiral
308:Design
140:System
85:
78:
71:
64:
56:
1333:(PDF)
1211:(PDF)
1204:(PDF)
1163:(PDF)
711:PMBOK
626:Tools
487:SEMAT
482:Scrum
356:Agile
90:JSTOR
76:books
1559:and
1379:2024
1356:2024
1310:ISBN
1278:ISBN
1242:ISBN
1219:2013
1023:any
1021:cite
869:and
856:and
850:unit
726:IREB
721:ITIL
691:CMMI
568:ATDD
477:SAFe
447:LeSS
422:DSDM
62:news
1104:In
1034:by
731:OMG
658:IDE
613:TDD
603:SBE
593:DDD
578:CCO
573:BDD
497:TSP
492:TDD
472:RUP
467:RAD
462:PSP
457:MSF
452:MDD
432:IID
427:FDD
417:DAD
407:ASD
45:by
1742::
1256:^
1199:.
1182:^
1165:,
852:,
828:,
824:,
598:PP
588:CD
583:CI
507:XP
502:UP
232:,
228:,
224:,
220:,
201:,
197:,
193:,
189:,
185:,
181:,
164:,
148:,
1441:e
1434:t
1427:v
1381:.
1358:.
1318:.
1286:.
1250:.
1221:.
1061:)
1055:(
1050:)
1046:(
1042:.
1028:.
806:e
799:t
792:v
259:e
252:t
245:v
112:)
106:(
101:)
97:(
87:·
80:·
73:·
66:·
39:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.