A Guide To: White Box, Black Box, and Gray Box testing.

October 25, 2020

There are three methods of testing used in the software testing process: White Box, Black Box, and Gray Box testing. All three methods focus on the testing process from a different point of view, and cannot be used on their own. Completing all three of these methods guarantees that a higher quality product reaches the end-user.

White Box testing

The main purpose of White Box testing is to check the code and the internal structure of a particular product that is being tested. A tester is looking at the input-output processes here, with a heavy focus on the inner workings of the product.

Other names for White Box testing, include Open, Glass, Transparent, Clear Box, and Code-based testing.

White Box testing looks for errors in these areas:

  •  Broken or not optimized coded parts
  •  Loss of security
  • Workflow and scenarios for certain input processes
  • Conditional loop issues
  • Object malfunction
  • Wrong output

System verification is the main goal of White Box testing, and wrong outputs may be classified as ‘bugs’ that need to be corrected.

How is White Box testing performed? 

To cut a long story short, there are two steps in White Box testing:

Step 1 - Study the source code

Understanding the application’s source code is a starting point, and it is the reason why a quality assurance tester has to be proficient in coding languages. 

Something that must be considered is secure coding. The most popular reason for software testing is to do a security check, as many web pages and applications tend to collect sensitive data - so they MUST be secure. This means the application has to be protected from malware and hackers that are there to steal important data.

Step 2 - Test case creation and execution

This level involves scenario checks. Here a number of cases are created and are run to spot the weakness in the product. Manual testing can be applied at this stage too.

Testing approaches

Testing the code coverage has major advantages, including it eliminates holes in test suites, and as test cases are run a few times on different parts of the code this helps to provide a high quality product.

A tester is not expected to perform the whole process manually, so there are a number of automated tools that will save time. Approaches that may be taken include Path, Function, and Multiple condition coverage. Despite the listed options, Branch and Statement coverages help you check up to 90% of the code.

Black Box testing

Behavioral, or Black Box testing, is a method whereby the tester does not know what they are testing. The internal layout, application, and design of the product remain unknown to the quality assurance specialist. These tests are usually functional, and web pages are studied by using a browser, and some data is input and the outcomes are checked.

The Black Box method is applicable to these software testing levels:

  • System testing
  • Integration testing
  • Acceptance testing

The amount of testing needed depends on the Box complexity.

Test case designs for Black Box testing:

  • Cause-Effect Graphing (case identification and its effects)
  • Boundary Value Analysis (input boundary determination)
  • Equivalence Partitioning (valid and invalid partitions)

Gray Box testing

Gray Box testing is a mix of White Box and Black Box testing. The tester aims to find all the possible code and functioning issues by using this method. At this stage a specialist is able to test the end-to-end functions.

Testing approaches:

  • Pattern testing
  • Matrix testing
  • Regression testing
  • Orthogonal Array Testing or OAT

Gray Box testing is a great method of functional testing, but it would not be a sufficient method on its own. It has to be used along with White Box and Black Box testing.

Apply for the Manual QA