What is WHITE Box Testing? Techniques, Example & Types

What is White Box Testing?

White Box Testing is the testing of a software solution's internal coding and infrastructure. It focuses primarily on strengthening security, the flow of inputs and outputs through the application, and improving design and usability. White box testing is also known as Clear Box testing, Open Box testing, Structural testing, Transparent Box testing, Code-Based testing, and Glass Box testing.

It is one of two parts of the "box testing" approach of software testing. Its counter-part, blackbox testing, involves testing from an external or end-user type perspective. On the other hand, Whitebox testing is based on the inner workings of an application and revolves around internal testing.

The term "whitebox" was used because of the see-through box concept. The clear box or whitebox name symbolizes the ability to see through the software's outer shell (or "box") into its inner workings. Likewise, the "black box" in "Black Box Testing" symbolizes not being able to see the inner workings of the software so that only the end-user experience can be tested

 

What do you verify in White Box Testing?

White box testing involves the testing of the software code for the following:

     Internal security holes

     Broken or poorly structured paths in the coding processes

     The flow of specific inputs through the code

     Expected output

     The functionality of conditional loops

     Testing of each statement, object and function on an individual basis

The testing can be done at system, integration and unit levels of software development. One of the basic goals of whitebox testing is to verify a working flow for an application. It involves testing a series of predefined inputs against expected or desired outputs so that when a specific input does not result in the expected output, you have encountered a bug.

How do you perform White Box Testing?

To give you a simplified explanation of white box testing, we have divided it into two basic steps. This is what testers do when testing an application using the white box testing technique:

STEP 1) UNDERSTAND THE SOURCE CODE

The first thing a tester will often do is learn and understand the source code of the application. Since white box testing involves the testing of the inner workings of an application, the tester must be very knowledgeable in the programming languages used in the applications they are testing. Also, the testing person must be highly aware of secure coding practices. Security is often one of the primary objectives of testing software. The tester should be able to find security issues and prevent attacks from hackers and naive users who might inject malicious code into the application either knowingly or unknowingly.

Step 2) CREATE TEST CASES AND EXECUTE

The second basic step to white box testing involves testing the application's source code for proper flow and structure. One way is by writing more code to test the application's source code. The tester will develop little tests for each process or series of processes in the application. This method requires that the tester must have intimate knowledge of the code and is often done by the developer. Other methods include Manual Testing, trial and error testing and the use of testing tools as we will explain further on in this article.

White Box Testing Techniques

A major White box testing technique is Code Coverage analysis. Code Coverage analysis, eliminates gaps in a Test Case suite. It identifies areas of a program that are not exercised by a set of test cases. Once gaps are identified, you create test cases to verify untested parts of code, thereby increase the quality of the software product

There are automated tools available to perform Code coverage analysis. Below are a few coverage analysis techniques

Statement Coverage - This technique requires every possible statement in the code to be tested at least once during the testing process.

Branch Coverage - This technique checks every possible path (if-else and other conditional loops) of a software application. Tools: An example of a tool that handles branch coverage testing for C, C++ and Java applications is TCAT-PATH

Apart from above, there are numerous coverage types such as Condition Coverage, Multiple Condition Coverage, Path Coverage, Function Coverage etc. Each technique has its own merits and attempts to test (cover) all parts of software code.

Using Statement and Branch coverage you generally attain 80-90% code coverage which is sufficient. 

Types of White Box Testing

White box testing encompasses several testing types used to evaluate the usability of an application, block of code or specific software package. There are listed below --

Unit Testing : It is often the first type of testing done on an application. Unit Testing is performed on each unit or block of code as it is developed.

 Unit Testing is essentially done by the programmer. As a software developer, you develop a few lines of code, a single function or an object and test it to make sure it works before continuing

Unit Testing helps identify majority of bugs, early in the software development lifecycle. Bugs identified in this stage are cheaper and easy to fix.

Testing for Memory Leaks: Memory leaks are leading causes of slower running applications. A QA specialist who is experienced at detecting memory leaks is essential in cases where you have a slow running software application.

There are many tools available to assist developers/testers with memory leak testing, example, Rational Purify  for windows application

Apart from above a few testing types are part of both black box and white box testing. They are listed as below

     White Box Penetration Testing: In this testing, the tester/developer has full information of the application's source code, detailed network information, IP addresses involved and all server information the application runs on.  The aim is to attack the code from several angles to expose security threats

     White Box Mutation Testing: Mutation testing is often used to discover the best coding techniques to use for expanding a software solution.

Advantages of White Box Testing

     Code optimization by finding hidden errors.

     White box tests cases can be easily automated.

     Testing is more thorough as all code paths are usually covered.

     Testing can start early in SDLC even if GUI is not available.

Disadvantages of White Box Testing

     White box testing can be quite complex and expensive.

     Developers who usually execute white box test cases detest it. The white box testing by developers is not detailed can lead to production errors.

     White box testing requires professional resources, with a detailed understanding of programming and implementation.

     White-box testing is time-consuming, bigger programming applications take the time to test fully.