What are white-box, black-box and gray-box testing?White Box (or glass box) testing is the process of giving i/p to the system and checking how the system processes i/p to generate o/p
- It refers to the testing a system with full knowledge and access to all source code and other architecture documents. This testing enables to reveal bugs and vulnerabilities quickly in comparison with trial and error method. More complete testing coverage is ensured by exactly knowing what to test.
- White box testing involves thorough testing of the application. It requires knowledge of code and the test cases chosen verifies if the system is implemented as expected. It typically includes checking with the data flow, exceptions, and errors, how they are handled, comparing if the code produces the expected results.
E.g. In electrical appliances the internal circuit testing.
- The team tests the internal logics of the code. The code for the application is tested. It is also known as the glass box testing.
Black Box testing is the process of giving i/p to the system and checking the o/p of the system without bothering how the o/p is generated.
- It refers to testing a system without knowledge of specification to the internal workings of the system, access to the source code, and knowledge of the architecture. Essentially this approach mimics in a close approach, how an attacker typically follows approach to the application. However, the uncovering of issues or vulnerabilities could be further longer , because of lacking internal application knowledge.
- Black box testing is done at an outer level of the system. Test cases merely check if the output is correct for the given input. User is not expected to the internal flow or design of the system.
- The team tests the system without any knowledge of how the system is being made. The functionalities are checked here. Here the application is tested.
Gray Box testing is a combination of White Box and Glass Box Testing. In this, the tester has little knowledge about the internal working of the s/w; so he tests the o/p as well as process carried out to generate the o/p.
- It refers to a testing system by knowing limited information about the internals of the system. The knowledge is always limited for detailed design documents and architecture diagrams. In concise, it is a good blend of black and white box testing, which leverage the strengths of each.
- Gray box testing is a combination of both black box and white box testing. This is because it involves access to the system; however, at an outer level. A little knowledge of the system is expected in Gray box testing.
- Both white box and black box combined are known as gray box testing.