White box testing can complement black box testing to increase
overall test effectiveness. Based on risk assessment, certain areas of the
software may require more scrutiny than others. White box testing could be
performed for specific high-risk areas, and black box testing could be
performed for the whole system. By combining the two testing methods,
more tests can be developed, focusing on both implementation issues and
usage issues.

Gray box testing can be used to combine both white box and black box
testing methods in a powerful way. In a typical case, white box analysis is
used to find vulnerable areas, and black box testing is then used to develop
working attacks against these areas. The white box analysis increases
productivity in finding vulnerable areas, while the black box testing method
of driving data inputs decreases the cost of test setup and test execution.

All testing methods can reveal possible software risks and potential
exploits. White box testing directly identifies more bugs in the software, but
it is time-consuming and expensive and requires specialized skills. As
with any testing method, white box testing has benefits, associated costs, and
alternatives. An effective testing approach balances efficiency and
effectiveness in order to identify the greatest number of critical defects for
the least cost.