• Home
• Topics
• Software Security Testing and Quality Assurance
• Software Security Test Best Practices
• How to learn white box testing

How to learn white box testing

Requires Free Membership to View

Login



When you register, you'll receive targeted emails designed to keep you informed of the most relevant information on Agile development, application security, testing & QA, software requirements, and more.

Hannah Smalltree, Editorial Director

• E-mail Address: 

By submitting your registration information to SearchSoftwareQuality.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSoftwareQuality.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

White box testing, also known as glass box or clear box testing, is testing that takes place where the testing had working knowledge of the code. In the AST BBST Foundations course, glass box testing concerns are illustrated with the question, "Does this code do what the programmer expects?" This is in contrast to the black box concern of, "Does this product fail to do what users -- human and software -- expect?"

From a learning perspective, this can mean a number of things. Testers working at this level are often comfortable with programming, hardware, networks, databases and application servers. Depending on the software, specialized knowledge of certain programming techniques or specific technologies may be required. Examples could include custom protocols, effective use of connection polling, language-specific test frameworks, among others.

Here's what I normally recommend for people getting started down this path:

• Learn the basics of computer science: You can do this through schooling or through some well selected books with a good self-study ethic. I recommend looking for entry-level courses and books on computer organization, networking, databases and file systems, data structures, assemblers/compilers/interpreters, algorithms, and discrete mathematics.



• Get comfortable working in a language: Today, I favor Ruby. But I taught myself Pascal as a teenager, learned C/C++ in college, and used Java in my first job as a programmer. It doesn't matter what language you learn -- just get fluent. You need to be comfortable enough that you can turn out simple programs rather easily and you need to be able understand and follow more complicated code -- even if you couldn't write it yourself.



• Practice writing unit tests, stubs, and harnesses: As you learn a language, you'll want to be sure you learn how to do unit testing in that language as you progress. The reason isn't so you can write better code yourself -- that's a happy side effect -- but so you get comfortable looking at and editing those types of tests. Similarly, as you start to practice testing, you're more than likely going to encounter situations where you'll want to mock out part of your test. This is a common pastime for white box testers, as they often use custom stubs and harness to mock out parts of the component their testing or to add more visibility to the results of their testing.



• Download and play with tools: This type of testing usually involves some tooling help if you plan on getting anywhere fast. Anything from your common runtime analysis tools (memory profilers, performance monitors, code coverage tools, etc.) to simple static analysis tools can help you learn the lingo and can get you thinking about common problems in white box testing. There are several good open source sites where you can find tools in this area; I currently favor opensourcetesting.org.



• Learn about security testing: Get to know your buddies at the Open Web Application Security Project (OWASP). You can think of security testing as a capstone project for white box testers. Not only is it a practical application of the skills and tactics that make white box testers successful, but it pulls together everything else you're learning. If you work through the OWASP materials, you see that you'll need to understand a lot of the computer science materials. You'll need to be able to read code. You'll need to use tools -- lots of tools -- and it will be helpful to be able to write your own simple scripts. I find that OWASP makes all of their material accessible to the beginner or near beginner). They also have local groups -- perhaps in your area -- where you can get some peer support for your learning.

Software testing resources: Web application testing: The difference between black, gray and white box testing What to look for in a Web application security testing tool Learning Guide: Application security testing techniques Software security testing and techniques news, help and research

That should be enough to get you going. If you make a regular diet of alternating between those five areas you'll become a pro in no time. As you learn, share what you're learning with some programmers you work with. You may be surprised at how supportive they will most likely be, and more than likely they will start to look for opportunities to start pulling you into their testing and debugging work.

Dig Deeper

This was first published in August 2008

More from Related TechTarget Sites

• SOA
• Java
• Windows Development
• Oracle
• Cloud computing
• Business Analytics

• SOA

  • Using enterprise architecture (EA) and SOA to bridge business and IT

    Implementing strong enterprise architecture and SOA helps support both business and software technology growth.

  • Profiles in application integration

    As both service-oriented and cloud-based architecture take the fore, IT shops increasingly value top-notch integration design. Stories show application integration is changing today.

  • SOA growth reveals benefits and lessons

    Service-oriented architecture is a way of including roles (customers, suppliers, engineers, etc.) and viewing everything as a service. Generally, we recognize services that are provided by people, machines and both. SOA is the most important development in the last ten years and is 1) Business-oriented - "describe what not how" and 2) Message-oriented - "just ask and the service is given."

• Java

  • Java 7 and the intricacies of safe and unsafe casting

    One of the problems with casting is that it does have the potential to cause a loss of precision, especially if the number that gets cast does indeed fall outside of the range of the target type. Here we will explain why this happens.

  • Vowels don't cost $500: Pontificating on Java 7 variable naming conventions

    When naming your variables, put a little bit of thought into it and name them well. Well thought out variable names make Java programs both easier to read and easier to maintain. Good names can even make Java programming fun.

  • Has Computer Programming Really Changed Much Since Lovelace's Time?

    Everyone always talks about these new computer programming languages, and how great one is over the other. But really, has computer programming really changed that much over time?

• Windows Development

  • Testing methods in Visual Studio 2010

    This is the second part in a two part series on unit testing in Visual Studio 2010.

  • Unit testing in Visual Studio 2010

    Visual Studio 2010 contains a unit testing framework, and I’ll show you how to use it to automate your own unit tests.

  • Understanding the testing tools in Visual Studio 2010

    Get an overview of the testing tools available in Visual Studio. You will learn which testing features are in which Visual Studio edition.

• Oracle

  • Oracle purchase of Taleo indicates rising SaaS trend

    Oracle has spent $3.4 billion on Taleo and RightNow in the past few months, showing that it is serious about hosting applications in the cloud for its customers.

  • Making Monday the start of the week in Oracle SQL

    One reader asks how to set up a report in Oracle SQL so that Monday is the first day of the week.

  • Oracle Advanced Analytics bundles R with Oracle Database

    Oracle Advanced Analytics is the company’s newest announcement around data analytics, a market that Oracle seeks to blanket with products.

• Cloud computing

  • Cloud infrastructure providers remain hot commodities

    Cloud infrastructure providers attracted the attention of acquisitive suitors last year. Profitable cloud vendors this year will catch the eye of telecoms.

  • Digging deeper into IBM SmartCloud for private clouds

    IBM SmartCloud services give enterprises some options to build private and hybrid clouds and may give IBM a chance to improve its lagging cloud image.

  • Hybrid cloud management tools and strategies

    Determining how to manage hybrid clouds can seem daunting. The trick is to identify what you need to manage and the best types of tools for the job.

• Business Analytics

  • Airport retailer leaves Excel behind with BI tools makeover

    The Paradies Shops’ search for BI tools to access data quickly and break away from Excel spreadsheets started with data discovery vendors but didn’t end with them.

  • Hadoop is hot, but not most popular ‘big data’ technology

    New research reveals businesses’ relative lack of “big data” maturity and the hurdles in both technology and analytics techniques they need to overcome.

  • Mobile BI brings more than security concerns to the table, TDWI says

    Interest in mobile BI is growing, but democratizing data also presents hurdles for building a business case, according to new research from TDWI.

• About us
• Contact us
• Site index
• Privacy policy
• Advertisers
• Business partners
• Events
• Media kit
• TechTarget corporate site
• Reprints
• Site map