• Home
• Topics
• Software Requirements Best Practices
• Building security into the SDLC (Software development life cycle)
• Sorting out black box, white box and gray box software testing methods

Sorting out black box, white box and gray box software testing methods

Requires Free Membership to View

Login



When you register, you'll receive targeted emails designed to keep you informed of the most relevant information on Agile development, application security, testing & QA, software requirements, and more.

Hannah Smalltree, Editorial Director

• E-mail Address: 

By submitting your registration information to SearchSoftwareQuality.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSoftwareQuality.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Black, white/clear and gray box testing describe different approaches to testing applications - each with specific advantages and disadvantages.

Black box testing refers to testing a system with no specific knowledge to the internal workings of the system, no access to the source code, and no knowledge of the architecture. In essence, this approach most closely mimics how an attacker typically approaches your application. However, due to the lack of internal application knowledge, the uncovering of bugs and/or vulnerabilities can take significantly longer.

White or clear box testing refers to testing a system will full knowledge and access to all source code and architecture documents. Having full access to this information can reveal bugs and vulnerabilities more quickly than the "trial and error" method of black box testing. Additionally, you can be sure to get more complete testing coverage by knowing exactly what you have to test. However, because of the sheer complexity of architectures and volume of source code, white box testing introduces challenges regarding how to best focus the test and analysis efforts. Also, specialized knowledge and tools are typically required to assist, such as debuggers and source code analyzers.

Software security testing tools: Black, gray and white box testing explained -- Podcast Web application testing: The difference between black, gray and white box testing Software security testing: Finding your inner evildoer

Gray box testing typically refers to testing a system with limited knowledge of the internals of a system. This knowledge is usually limited to detailed design documents and architecture diagrams. It is a combination of both black and white box testing, and tries to leverage the strengths of each.

In some situations a tester may prefer white box testing, but is restricted to gray box or black box testing due to a lack of access to more detailed information. Security testers should be flexible and able to plan a test approach for any of these scenarios given the time and access to resources available for a given application.

Dig Deeper

This was first published in December 2006

More from Related TechTarget Sites

• SOA
• Java
• Windows Development
• Oracle
• Cloud computing
• Business Analytics

• SOA

  • Using enterprise architecture (EA) and SOA to bridge business and IT

    Implementing strong enterprise architecture and SOA helps support both business and software technology growth.

  • Profiles in application integration

    As both service-oriented and cloud-based architecture take the fore, IT shops increasingly value good integration design.

  • SOA growth reveals benefits and lessons

    Service-oriented architecture is a way of including roles (customers, suppliers, engineers, etc) and viewing everything as a service. Generally, we recognize services that are provided by people, machines and both. SOA is the most important development in the last ten years and is 1) Business-oriented - "describe what not how" and 2) Message - "just ask and the service is given".

• Java

  • Java 7 and the intricacies of safe and unsafe casting

    One of the problems with casting is that it does have the potential to cause a loss of precision, especially if the number that gets cast does indeed fall outside of the range of the target type. Here we will explain why this happens.

  • Vowels don't cost $500: Pontificating on Java 7 variable naming conventions

    When naming your variables, put a little bit of thought into it and name them well. Well thought out variable names make Java programs both easier to read and easier to maintain. Good names can even make Java programming fun.

  • Has Computer Programming Really Changed Much Since Lovelace's Time?

    Everyone always talks about these new computer programming languages, and how great one is over the other. But really, has computer programming really changed that much over time?

• Windows Development

  • Testing methods in Visual Studio 2010

    This is the second part in a two part series on unit testing in Visual Studio 2010.

  • Unit testing in Visual Studio 2010

    Visual Studio 2010 contains a unit testing framework, and I’ll show you how to use it to automate your own unit tests.

  • Understanding the testing tools in Visual Studio 2010

    Get an overview of the testing tools available in Visual Studio. You will learn which testing features are in which Visual Studio edition.

• Oracle

  • Making Monday the start of the week in Oracle SQL

    One reader asks how to set up a report in Oracle SQL so that Monday is the first day of the week.

  • Oracle Advanced Analytics bundles R with Oracle Database

    Oracle Advanced Analytics is the company’s newest announcement around data analytics, a market that Oracle seeks to blanket with products.

  • Oracle details integration with RightNow

    Oracle has finalized its $1.5 billion acquisition of CRM SaaS provider RightNow Technologies, and to celebrate executives held a webcast outlining their future plans for all the CRM and cloud products the two have on the table.

• Cloud computing

  • Digging deeper into IBM SmartCloud for private clouds

    IBM SmartCloud services give enterprises some options to build private and hybrid clouds and may give IBM a chance to improve its lagging cloud image.

  • Hybrid cloud management tools and strategies

    Determining how to manage hybrid clouds can seem daunting. The trick is to identify what you need to manage and the best types of tools for the job.

  • Six principles of HP Cloud Services

    Lining up cloud platforms from major vendors can cause vertigo. What’s the difference among private cloud products? Take a look at HP Cloud Services.

• Business Analytics

  • Airport retailer leaves Excel behind with BI tools makeover

    The Paradies Shops’ search for BI tools to access data quickly and break away from Excel spreadsheets started with data discovery vendors but didn’t end with them.

  • Hadoop is hot, but not most popular ‘big data’ technology

    New research reveals businesses’ relative lack of “big data” maturity and the hurdles in both technology and analytics techniques they need to overcome.

  • Mobile BI brings more than security concerns to the table, TDWI says

    Interest in mobile BI is growing, but democratizing data also presents hurdles for building a business case, according to new research from TDWI.

• About us
• Contact us
• Site index
• Privacy policy
• Advertisers
• Business partners
• Events
• Media kit
• TechTarget corporate site
• Reprints
• Site map