Difference between White and Black box tests

BLACK BOX TESTING

Also known as Behavioural Testing, black box testing is a software testing technique in which the application is tested without knowledge of its internal code structure. The name reflects that the program's internals are opaque to the tester, who sees only a "black box". This type of testing focuses on the inputs and outputs of the software system.

Some of the errors found by this method are –

  1. Function errors
  2. Interfacing errors
  3. Database errors
  4. Performance errors
  5. Initialization errors  

Black Box Testing Techniques 

  1. Information Gathering – As the first step of every security assessment, information gathering involves collecting knowledge about the application from external sources using search engine discovery/reconnaissance and web application fingerprinting.
  2. Configuration and Deployment Management Testing – Weaknesses in the application's configuration management are assessed, along with searching for sensitive information in backups and old, unreferenced files.
  3. Data Validation Testing – This technique uses reflected cross-site scripting, stored cross-site scripting and SQL injection test cases to examine whether the application properly validates the data supplied to it.
  4. Cryptography – Black box testing inspects unencrypted channels over which sensitive information is sent, checks for weak SSL/TLS ciphers, and examines the protection of the application's transport layer.

How is Black Box Testing performed?

The basic methodology of any Black Box Testing is as follows:

  1. Understanding the specifications of the application to be tested, using its Software Requirements Specification (SRS) document.
  2. Evaluating the software with a set of valid inputs to save time and obtain good test coverage.
  3. Preparing test cases for maximum coverage of inputs.
  4. Running the test cases against the system to generate outputs.
  5. Marking the 'Failed' steps and sending them to the development team for fixing.
  6. Retesting the test cases once fixes are in place.
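The methodology above, together with the reflected cross-site scripting check from the Data Validation Testing technique, as an added example in Python (not from the original post): the constructed `handle_search` handler is treated as opaque, each test case pairs an input with an expected property of the output, and failing cases are collected for the development team. The handler, its unescaped 'before' variant, the in-memory database and the test cases are all constructed for illustration.

```python
import html
import sqlite3

# Constructed toy application under test: a product search that reflects the
# query into an HTML page and looks it up in an in-memory database. The
# black-box harness only ever calls the handler and inspects its return value.
def _build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?)", [("apple",), ("pear",)])
    return conn

_DB = _build_db()

def handle_search(query: str) -> str:
    """Hardened handler: parameterised query and HTML-escaped reflection."""
    rows = _DB.execute("SELECT name FROM products WHERE name LIKE ?",
                       (f"%{query}%",)).fetchall()
    names = ", ".join(r[0] for r in rows)
    return f"<p>Results for {html.escape(query)}: {names}</p>"

def handle_search_unescaped(query: str) -> str:
    """'Before' handler (constructed) that reflects the query without escaping."""
    rows = _DB.execute("SELECT name FROM products WHERE name LIKE ?",
                       (f"%{query}%",)).fetchall()
    names = ", ".join(r[0] for r in rows)
    return f"<p>Results for {query}: {names}</p>"

# Black-box test cases: (name, input, predicate on the output). The predicates
# are derived from the specification, not from reading the handler's code.
TEST_CASES = [
    ("valid input is reflected", "apple", lambda out: "apple" in out),
    ("no match gives an empty result list", "zzz",
     lambda out: "Results for zzz: </p>" in out),
    ("reflected markup is neutralised", "<b>x</b>", lambda out: "<b>" not in out),
    ("quote in input does not break the query", "a'b", lambda out: out.startswith("<p>")),
]

def run_black_box(handler, cases=TEST_CASES) -> dict:
    """Run every case against the opaque handler and mark each Passed/Failed."""
    results = {}
    for name, data, check in cases:
        try:
            ok = bool(check(handler(data)))
        except Exception:
            ok = False  # a crash is observable behaviour too: the case fails
        results[name] = "Passed" if ok else "Failed"
    return results

def failed_cases(results: dict) -> list:
    """Step 5: the list handed to the development team for fixing."""
    return sorted(name for name, verdict in results.items() if verdict == "Failed")

if __name__ == "__main__":
    for name, verdict in run_black_box(handle_search).items():
        print(f"{verdict}: {name}")
```

Running the same harness against `handle_search_unescaped` marks only the markup case as 'Failed', which is exactly the kind of finding a black box tester reports without ever having seen either handler's source.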



WHITE BOX TESTING

This type of software testing evaluates and verifies the 'source code', that is, the internal workings of a software system, such as its code and infrastructure. White box testing is an essential part of a modern Continuous Integration (CI)/Continuous Delivery (CD) automated build process. Aspects of the software code tested by this method include –

  1. Internal security holes
  2. Poorly structured paths
  3. Specific input flow
  4. Expected output
  5. Conditional loop functionality

White Box Testing Techniques 

White Box Testing typically involves surveying the application for vulnerabilities with reference to notable security standards, such as SANS Top 25 and OWASP Top 10 Application Security Risks. 

  1. SANS Top 25 – This well-known and frequently used compilation of security weaknesses describes the common errors found in all types of systems.
  2. OWASP Top 10 – The Open Web Application Security Project's Top 10 lists the 10 most common vulnerability categories found in web applications, such as Injection, Broken Authentication and Session Management, Cross-site Scripting, and many more.

How is White Box Testing performed?

To simplify the process of a white box test, it can be divided into two basic steps –

  1. Understanding of the Source Code

The foundation of every testing process is learning and understanding the source code of the application. White box testing is internal testing, so testers need a thorough knowledge of the programming languages used in the applications they are testing. Since security is the main motive for performing the test, the tester's awareness of secure coding practices is essential.

The tester should be able to detect and identify security issues within the application's code so that attackers cannot take advantage of those vulnerabilities, for example by injecting malicious code into the application.

  2. Test Case Creation and Execution

The second step involves testing the application's code to review its flow and structure. One way to do this is by writing additional code (such as unit tests) that exercises the application's code; this method requires a deep technical understanding of the code and is performed by the developer. The other method involves manual testing, trial and error, and the use of tools such as MobSF, Burp Suite, Dex2Jar and many more to carry out the testing procedure.
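An added example, not from the original post, of the first method in this step: writing additional code to test the application's own code. The constructed `is_safe_filename` function has four branches; the white box cases are written by reading those branches, and a small line-coverage tracer built on Python's `sys.settrace` reports which statements never executed, which is how a white box tester spots an untested conditional path. The function, the cases and the statement-line heuristic are all constructed for illustration.

```python
import inspect
import sys

# Constructed function under test: decides whether a requested file name may
# be served. A white-box tester reads each branch and writes a case for it.
def is_safe_filename(name: str) -> bool:
    if not name:
        return False  # branch A: empty name
    if ".." in name or name.startswith("/"):
        return False  # branch B: path traversal or absolute path
    if not name.endswith((".txt", ".md")):
        return False  # branch C: disallowed extension
    return True  # branch D: accepted

# One case per branch, derived from the source above (white box), each with
# the expected result from the function's contract.
WHITE_BOX_CASES = [
    ("", False),
    ("../etc/passwd", False),
    ("/etc/passwd", False),
    ("notes.exe", False),
    ("notes.txt", True),
]

def run_with_line_coverage(func, cases):
    """Run each case and record which statement lines of func executed.

    Returns (results, coverage_fraction, missed_lines). Statement lines are
    found with a constructed heuristic (lines starting with 'if' or 'return'),
    which is enough for the straight-line function above.
    """
    executed = set()
    code = func.__code__

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None  # only trace the function under test
        if event == "line":
            executed.add(frame.f_lineno)
        return tracer

    results = {}
    sys.settrace(tracer)
    try:
        for data, expected in cases:
            results[data] = "Passed" if func(data) == expected else "Failed"
    finally:
        sys.settrace(None)

    src_lines, first = inspect.getsourcelines(func)
    stmt_lines = {first + i for i, line in enumerate(src_lines)
                  if line.strip().startswith(("if ", "return "))}
    missed = sorted(stmt_lines - executed)
    coverage = 1 - len(missed) / len(stmt_lines)
    return results, coverage, missed

if __name__ == "__main__":
    results, coverage, missed = run_with_line_coverage(is_safe_filename, WHITE_BOX_CASES)
    print(results, f"line coverage {coverage:.0%}", "missed lines:", missed)
```

Running only the accepting case reports three missed lines (the three rejecting branches), while the full case set reaches every statement; in a real project a coverage tool such as coverage.py plays the role of the tracer, but the idea is the same: white box cases are judged by which code they reach, not only by their outputs.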


Reference

https://securityboulevard.com/2022/08/types-of-testing-techniques-black-white-and-grey-box/ 
