White box testing strategy deals with the internal logic and structure of the code. It is also called glass, structural, open or clear box testing. The tests that are written based on the white box testing strategy incorporate coverage of the code written, branches, paths, statements and internal logic of the code, etc. In order to implement white box testing, the tester has to deal with the code, and hence is required to possess knowledge of coding and logic i.e., internal working of the code. White box test also needs the tester to look into the code and find out which unit/statement/chunk of the code is malfunctioning.
In other words, it is imperative that the tester has 'structural' knowledge about how the system has been implemented. Not only the code, but even the data flow and control flow have to be assessed. The areas of the code, that are tested using white box testing are:
Data Flow Coverage
There are three aspects of the code, which are validated in white box testing, namely
If the software has been designed as per the original design of the software.
If security measures have been implemented into the software and it is robust.
Find out vulnerabilities in the said software.
Advantages of White Box Testing
As the knowledge of internal coding structure is prerequisite, it becomes very easy to find out which type of input/data can help in testing the application effectively.
Yet another advantage of white box testing is that it helps in optimizing the code.
It helps in removing the extra lines of code, which can introduce defects in the code.
Disadvantages of White Box Testing
As knowledge of code and internal structure is a prerequisite, a skilled tester is needed to carry out this type of testing, and this, in turn, increases the cost of the software.
It is nearly impossible to look into every bit of code to find out hidden errors, which may create problems, resulting in failure of the application.
Types of Testing under White/Glass Box Testing Strategy
The developer carries out unit testing in order to check if the particular module or unit of code is working fine. The unit testing comes at the very basic level as it is carried out as and when the unit of the code is developed or a particular functionality is built.
Static and Dynamic Analysis
While static analysis involves going through the code in order to find out any possible defect in the code, dynamic analysis involves executing the code and analyzing the output.
In this type of testing, the code is executed in such a manner that every statement of the application is executed at least once. It helps in assuring that all the statements are executed without any side effect. Different coverage management tools are used to assess the percentage of the executable elements, which are currently been tested. (These tools are used for both statement as well as branch coverage.)
No software application can be written in a continuous mode of coding. At some point we need to branch out the code in order to perform a particular functionality. Branch coverage testing helps in validating of all the branches in the code, and helps make sure that no branching leads to abnormal behavior of the application.
Memory Leak Testing
When a code is written, there is a possibility that there is a problem of memory leak in the code, which makes the code faulty. Therefore, during the white box testing phase the code is tested to check, if there is memory leak in the code. In case of memory leak, more memory is required for the software and this affects the speed of the software making it slow.
Security testing is carried out in order to find out how well the system can protect itself from unauthorized access, hacking (cracking, any code damage, etc.) which deals with the code of application. This type of testing needs sophisticated testing techniques.
It is a kind of testing in which, the application is tested for the code that was modified after fixing a particular bug/defect. It also helps in finding out which code and which strategy of coding can help in developing the functionality effectively.
Besides all the testing types given above, there are some more types which fall under both black box and white box testing strategies such as: functional testing (which deals with the code in order to check its functional performance), incremental integration testing (which deals with the testing of newly added code in the application), performance and load testing (which helps in finding out how the particular code manages resources and gives performance), etc. Since they fall under white box as well as black box it is difficult to categorize them in either of the two broad types of software testing.