White box Testing is a kind of software testing in which the tester tests the application internally; no doubt the programmer must have programming skills so that he can do the job of testing perfectly. Using white box testing, we can design test cases.
These test cases do testing not only for independent paths within a module but also examines if any bug that might exist between paths of two units. White box testing is also known as clear box testing and glass box testing.
That is because the internal working of the application is visible to us. For white box testing, programmers write a software module which is then used in testing the application we want to test.
The software module which is designed for testing our application is called a driver. Programmers use these drivers and stubs in white box testing.
A stub is actually a computer program statement which is a dummy component used for simulation purposes. It simulates the behavior of real components.
![]()
Stubs can be used temporarily. If a programmer wants to call a method in the code he can use the stub method. A White box test includes the analysis of data flow, control flow and information flow.
It also deals with the practices of coding. Under white box testing we check whether the software which is under test is functioning normally or not.
How to perform White box testing?
The first step in white box testing is to analyze the designed application and its source code as well. The first step is to analyze how can we make our software secure. Secondly, programmers must design a module which can crash the software. The tester must know about all the tools and techniques of white box testing.
Testing techniques
Basis Path Testing
Basis Path testing ensures that all independent paths through a code module have been tested. To do Basis path Testing, we usually make flow charts so that we can compute the number of independent paths through the code. Basis path testing looks at the decision points in the application.
Control Flow testing
In Control flow testing, we consider the control flow of the program. This control flow can be represented in a flow graph.
Data Flow testing
Data flow testing is applied for selected variables. This is done so that we can understand the program better. A Data flow analysis for an entire program needs a lot of computational resources.
Steps in white box testing are:
![]()
White box testing for web-services operation
Threat modeling
- In threat modeling we design some security specifications and then using those specifications time to time. Threat modeling identifies and checks threats and vulnerabilities which are able to attack the applications. It also finds a logical thought process; this helps in finding architecture bugs comparatively earlier.
- The second step in white box testing is to develop a test strategy which helps in deciding what testing activities are needed to accomplish test goals.
- Then we develop a test plan that organizes the test process. The Next step is to make test environment for executing tests.
- The final step is to execute test cases and prepare a report on the results.
Risk Analysis
Risk analysis is an essential part of white box testing. We do it for determining bugs and threats that exist for the software. A White box tester is advised to do Risk-analysis. The intention behind it is to think like an attacker. So that the tester attempts to be capable of securing an application from hackers.
Disadvantages of White-box Testing
White box testing causes an increase in the cost of the software as knowledge of code with its internal structure is a must for any tester who is working on that software to check its bugs.
Sometimes doing testing on even unbreakable modules can not find all the bugs which can potentially cause failure of the application.
Conclusion
The White box method is a method determined by the internal structure of the source-code. White box is also done on a Unit, Integration or system level. Using White box testing our aim is to do testing of as many statements and branches in the code as possible.