White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing)
is a method of testing software that tests internal structures or
workings of an application, as opposed to its functionality (i.e. black-box testing).
In white-box testing an internal perspective of the system, as well as
programming skills, are required and used to design test cases. The
tester chooses inputs to exercise paths through the code and determine
the appropriate outputs. This is analogous to testing nodes in a
circuit, e.g. in-circuit testing (ICT).
While white-box testing can be applied at the unit, integration and system levels of the software testing
process, it is usually done at the unit level. It can test paths within
a unit, paths between units during integration, and between subsystems
during a system level test. Though this method of test design can
uncover many errors or problems, it might not detect unimplemented parts
of the specification or missing requirements.
White-box test design techniques include:
- Control flow testing
- Data flow testing
- Branch testing
- Path testing
In penetration testing, white-box testing refers to a methodology where an ethical hacker
has full knowledge of the system being attacked. The goal of a
white-box penetration test is to simulate a malicious insider who has
some knowledge and possibly basic credentials to the target system.