When to use White box Testing in a software or a website?



  • In a software or an website, when to use white box testing technique?



  • OK...now that a few folks have voiced their perspectives on "boxes" let me try to answer your question.

    I am going to assume that we agree that by 'white box' testing you are referring to the act of designing static or dynamic tests based on the implementation of a programming language that performs some functional task or behavior in a software program; or more simply...designing tests from the program's source code (e.g. unit tests).

    In my experience (with the exception of unit tests) white box testing is almost always used as an adjunct to black-box domain and exploratory testing approaches. White box testing is usu. done to support and extend other testing approaches; never in lieu of other testing approaches. In general, testers may need to perform 'white-box' testing when:

    • There is a business need or goal to increase code coverage measures
      • If the team has a specific goal or need to improve the code coverage metric, the most efficient way to improve that metric is via white box testing. Black box and exploratory testing will increase the code coverage metric initially, but then quickly plateau. (Test coverage may be increasing, but the measure of new code paths being executed tends to flatten out.) So, if there is some reason to achieve some magical code coverage metric, white box testing is the most economical approach to reach that goal.
    • There is a suspicion that some area of the program may be under-tested
      • Sometimes there may be indicators that an area of the program are under-tested. Low code coverage measures of a module or component, high complexity measures or a module or component, or high defect density in a module or component may indicate that area of the software needs a deeper level of investigation/testing. White box testing can sometimes be used to design additional tests to provide greater confidence in a specific area of the code base, or provide additional critical perspective of the implementation.
    • Security/reduced risk
      • Some studies suggest that formal code reviews (which is white box testing - static analysis of the implemented code) are the single most effective approach to identify security flaws in software. This does not imply that additional security testing measures are not required.

    Again, with the exception of unit testing, white box testing is not a starting point; it is used in addition to other testing. There may be benefits of adding white box testing to the test strategy for some software projects, but there can also be drawbacks such as additional cost, more time, and biased tests. Some types of software may benefit from white box testing, while it may be completely unnecessary for other types (e.g. games).



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2