written 6.9 years ago by |
White Box Testing is the testing of a software solution's internal coding and infrastructure. It focuses primarily on strengthening security, the flow of inputs and outputs through the application, and improving design and usability.
White box testing is also known as Clear Box testing, Open Box testing, Structural testing, Transparent Box testing, Code-Based testing, and Glass Box testing.
It is one of two parts of the "box testing" approach of software testing. Its counter-part, blackbox testing, involves testing from an external or end-user type perspective.
On the other hand, Whitebox testing is based on the inner workings of an application and revolves around internal testing.
What do you verify in White Box Testing?
White box testing involves the testing of the software code for the following:
• Internal security holes
• Broken or poorly structured paths in the coding processes
• The flow of specific inputs through the code
• Expected output
• The functionality of conditional loops
• How do you perform White Box Testing?
• To give you a simplified explanation of white box testing, we have divided it into two basic steps. This is what testers do when testing an application using the white box testing technique:
• STEP 1) UNDERSTAND THE SOURCE CODE
• The first thing a tester will often do is learn and understand the source code of the application. Since white box testing involves the testing of the inner workings of an application, the tester must be very knowledgeable in the programming languages used in the applications they are testing. Also, the testing person must be highly aware of secure coding practices.
Security is often one of the primary objectives of testing software. The tester should be able to find security issues and prevent attacks from hackers and naive users who might inject malicious code into the application either knowingly or unknowingly.
• Step 2) CREATE TEST CASES AND EXECUTE
The second basic step to white box testing involves testing the application's source code for proper flow and structure. One way is by writing more code to test the application's source code. The tester will develop little tests for each process or series of processes in the application.
This method requires that the tester must have intimate knowledge of the code and is often done by the developer. Other methods include Manual Testing, trial and error testing and the use of testing tools as we will explain further on in this article.
White Box Testing Techniques:-
A major White box testing technique is Code Coverage analysis. Code Coverage analysis, eliminates gaps in a Test Case suite. It identifies areas of a program that are not exercised by a set of test cases. Once gaps are identified, you create test cases to verify untested parts of code, thereby increase the quality of the software product.
There are automated tools available to perform Code coverage analysis. Below are a few coverage analysis techniques:-
Statement Coverage - This technique requires every possible statement in the code to be tested at least once during the testing process.
Branch Coverage - This technique checks every possible path (if-else and other conditional loops) of a software application. Tools: An example of a tool that handles branch coverage testing for C, C++ and Java .
Apart from above, there are numerous coverage types such as Condition Coverage, Multiple Condition Coverage, Path Coverage, Function Coverage etc. Each technique has its own merits and attempts to test (cover) all parts of software code.
Using Statement and Branch coverage you generally attain 80-90% code coverage which is sufficient.
Types of White Box Testing:-
The 3 main White Box Testing Techniques are:
Statement Coverage
Branch Coverage
Path Coverage
Let’s understand these techniques one by one with a simple example.
1) Statement coverage:-
In a programming language, a statement is nothing but the line of code or instruction for the computer to understand and act accordingly. A statement becomes an executable statement when it gets compiled and converted into the object code and performs the action when the program is in a running mode.
Hence “Statement Coverage”, as the name itself suggests, it is the method of validating whether each and every line of the code is executed at least once.
2) Branch Coverage:-
“Branch” in a programming language is like the “IF statements”. An IF statement has two branches: True and False.
So in Branch coverage (also called Decision coverage), we validate whether each branch is executed at least once.
In case of an “IF statement”, there will be two test conditions:
• One to validate the true branch and,
• Other to validate the false branch.
Hence, in theory, Branch Coverage is a testing method which is when executed ensures that each and every branch from each decision point is executed.
3) Path Coverage:-
Path coverage tests all the paths of the program. This is a comprehensive technique which ensures that all the paths of the program are traversed at least once.
Advantages of White Box Testing:-
• Code optimization by finding hidden errors.
• White box tests cases can be easily automated.
• Testing is more thorough as all code paths are usually covered.
Disadvantages of White Box Testing:-
• White box testing can be quite complex and expensive.
• Developers who usually execute white box test cases detest it. The white box testing by developers is not detailed can lead to production errors.
• White box testing requires professional resources, with a detailed understanding of programming and implementation.