White Box & Grey Box

Testing
(UNIT 2)
White Box Testing -Introduction
 White box testing is a software testing technique that involves
testing the internal structure and workings of a software
application .
 The tester has access to the source code and uses this knowledge to
design test cases that can verify the correctness of the software at
the code level.
 It is also called glass box testing clear box testing or structural
testing. White Box Testing is also known as transparent testing or
open box testing.
 White box testing is also known as structural testing or code-based
testing, and it is used to test the software’s internal logic, flow, and
structure. The tester creates test cases to examine the code paths
and logic flows to ensure they meet the specified requirements.
White Box Testing -Introduction
 Reasons for white box testing:
 It identifies internal security holes.
 To check the way of input inside the code.
 Check the functionality of conditional loops.
 To test function, object, and statement at an individual level.
 The term 'white box' is used because of the internal perspective of the
system.
 The clear box or white box or transparent box name denote the ability
to see through the software's outer shell into its inner workings.
White Box Testing -Introduction
White Box Testing -Introduction
 Here’s an example demonstrating how white box testing works :
 def Printme(a, b):
 result = a + b
 if result > 0:
 print("Positive", result)
 else:
 print("Negative", result)

 In this code, Printme is a function that takes two inputs, adds them,
and checks whether the result is positive or negative. If the result is
positive, it prints “Positive”. If the result is not positive (i.e., zero or
negative), it prints “Negative” along with it.
White Box Testing -Introduction
 The goal of White Box Testing here is to verify all the decision
branches (the if-else condition) in the code.

 To exercise the statements in this code, we would create the

following test cases:

 Test Case 1: a = 1, b = 1
 This would test the “Positive” branch of the if-else condition.
 Test Case 2: a = -1, b = -3
 This would test the “Negative” branch of the if-else condition.
White Box Testing –Real Life Examples
 Google employs white box testing extensively across its products
and services, including Google Search, Gmail, and Google Cloud
Platform.
 For instance, white box testing in Google Search ensures that search
algorithms operate efficiently and deliver accurate results based on
complex ranking criteria.
 Amazon rigorously applies white box testing to its e-commerce
platform, AWS cloud services, and Kindle devices.
 For example, in AWS, white box testing ensures that cloud services
operate reliably, handle data securely, and scale efficiently for
millions of customers globally.
White Box Testing -Types
 Unit Testing
 Dynamic Testing
 Static Analysis
 Decision Testing
 Data Flow Testing
Types Of White Box Testing - Unit Testing
 Imagine you’re building a bicycle. Unit testing would be like checking
each part separately – testing the brakes, the gears, the pedals, etc.,
to ensure they all work correctly before assembling the whole bicycle.
 Unit testing is a white box testing method where you check individual
units of source code.
 Developers write those tests to check only the functionality of a
small part of an application at a time.
 Checks if each part or function of the application works correctly.
 Ensures the application meets design requirements during
development.
Types Of White Box Testing - Unit Testing
 Programmers are primarily responsible for unit testing.
 Software developers write a few lines of code, a single function or
object, test it to ensure it works, and then move on to the next step.
 In the early stages of the software development lifecycle, unit tests
help identify most problems.
 Errors discovered at this stage are inexpensive and easy to fix.
 JUnit is a Java framework that facilitates unit testing by allowing
developers to define test cases, execute them, and assert expected
outcomes, promoting code reliability through automated testing
practices.
Types Of White Box Testing - Dynamic Testing
 This would be like test-driving a car. You’re not just looking at the
components (like in static analysis), but you’re driving the car to see
how it performs on the road.
 Dynamic testing is a type of software testing that involves executing
the software and evaluating its behavior during runtime.
 It is also known as functional testing, as it focuses on testing the
software’s functionality and how it behaves under different inputs and
conditions.
Types Of White Box Testing - Static Analysis
 This is like proofreading a book before it’s published. You’re looking
for errors in grammar, punctuation, and sentence structure. Still, you
need to read the book as a whole to understand the story (which
would be more like dynamic analysis).
 Static analysis involves reviewing and analyzing code without
executing it.
 You can use tools to inspect source code, identify potential defects,
enforce coding standards, and detect vulnerabilities early in
development
 Example: Tools like Pylint for Python can be used to analyze the
is_prime function for code quality issues, such as naming conventions,
complexity, or even potential bugs.
Types Of White Box Testing - Decision Testing
 This technique reports true and false outcomes of Boolean
expressions.
 Whenever there is a possibility of two or more outcomes from the
statements like do while statement, if statement and case statement
(Control flow statements), it is considered as decision point because
there are two outcomes either true or false.
 Decision coverage covers all possible outcomes of each and every
Boolean condition of the code by using control flow graph or chart.
 Generally, a decision point has two decision values one is true, and
another is false that's why most of the times the total number of
outcomes is two.
Types Of White Box Testing - Decision Testing
 The percent of decision coverage can be found by dividing the number
of exercised outcome with the total number of outcomes and
multiplied by 100.

 In this technique, it is tough to get 100% coverage because sometimes

expressions get complicated. Due to this, there are several different
methods to report decision coverage. All these methods cover the
most important combinations and very much similar to decision
coverage. The benefit of these methods is enhancement of the
sensitivity of control flow.
Types Of White Box Testing - Decision Testing
 Consider the code to apply on decision coverage technique:

 Test (int a)
 {
 If(a>4)
 a=a*3
 Print (a)
 }
Types Of White Box Testing - Decision Testing
Types Of White Box Testing - Decision Testing
Types Of White Box Testing - Decision Testing
Types Of White Box Testing - Data Flow Testing
 Data flow testing is a white-box testing technique that examines
the data flow with respect to the variables used in the code.
 It examines the initialization of variables and checks their values at
each instance.
 There are two types of data flow testing:
 Static data flow testing: The declaration, usage, and deletion of the
variables are examined without executing the code. A control flow
graph is helpful in this.
 Dynamic data flow testing: The variables and data flow are examined
with the execution of the code.
Types Of White Box Testing - Data Flow Testing
Types Of White Box Testing - Data Flow Testing
White Box Testing Techniques
 1) Statement Coverage
 2) Path Testing
 3) Branch Coverage
 4) Loop Testing
 5) Conditional Coverage
White Box Testing Techniques – Statement
Coverage
 This is like making sure you read every sentence in a book.
 In this technique, the aim is to traverse all statements at least once.
 A statement refers to a line of code in the software which performs
some action.
 Statement coverage refers to the percentage of statements covered
by white box testing out of the total statements.
 If all the statements in the program have been executed by a set of
tests, then it is said that 100% statement coverage has been achieved.
 However, if only half of the statements are executed then it is said
that 50% statement coverage has been achieved.
White Box Testing Techniques – Statement
Coverage
 Statement coverage percentage is calculated as :

 For example: Consider a function having following statements

White Box Testing Techniques – Statement
Coverage
 Case 1:

 Case 2 :
White Box Testing Techniques – Statement
Coverage
 Statement coverage covers:
 Dead code.
 Unused statements.
 Unused branches.
 Missing statements.
 The project team has to take decision on the statement coverage
goal for every project.
White Box Testing Techniques –Path Testing
 This is like reading a book’s possible combination of chapters. In code,
it means testing every possible path through the code from start to
finish.
 It ensures that every potential path is executed at least once,
uncovering hidden bugs that might only emerge under specific
conditions.
 Path Testing is a method that is used to design the test cases.
 In the path testing method, the control flow graph (CFG) of a
program is designed to find a set of linearly independent paths of
execution.
 Example: For the is_prime function, path testing involves creating
test cases that cover all paths through the function: checking numbers
less than or equal to 1, prime numbers, and non-prime numbers.
White Box Testing Techniques –Path Testing
 A Control Flow Graph (CFG) is a graphical representation of all the
paths that might be traversed through a program during its
execution.
 A control flow graph has 3 major components:
 1. Node: these are individual statements or blocks of code. For
example, in the code snippet below we have 3 nodes:
 int a = 0; // Node 1
 if (b > 0) { // Node 2
 a = b; // Node 3
 }
White Box Testing Techniques –Path Testing
 2. Edge: this is the flow of control from one node to another. It
indicates the execution flow of the program. There are 2 types of
edges:
 Unconditional edge: direct flow from one statement to another
without any condition
 Conditional edge: these are branches based on a condition (e.g.
True/False outcomes of an if-statement)
 Here we have a conditional edge from statement ‘if (b > 0)’ to
statement ‘a=b’.
 int a = 0;
 if (b > 0) {
 a = b;
 }
White Box Testing Techniques –Path Testing
 3. Entry/Exit Points: these represent the start and end of a program
in the CFG
 Let’s look at another example.
void exampleFunction(int x, int y)
{
if (x > 0)
{
if (y > 0)
printf("Both x and y are positive.\n");
else
printf("x is positive, y is non-positive.\n");
}
else
printf("x is non-positive.\n");
}
White Box Testing Techniques –Path Testing
 Here we have:

 7 nodes (1 entry point, 1 exit point, 5 decisions)

 1: Entry point of exampleFunction.
 2: if (x > 0).
 3: if (y > 0).
 4: printf("Both x and y are positive.\n");.
 5: printf("x is positive, y is non-positive.\n");.
 6: printf("x is non-positive.\n");.
 7: Exit point of exampleFunction.
White Box Testing Techniques –Path Testing
 Edges:
 (1 -> 2)
 (2 -> 3) if x > 0
 (2 -> 6) if x <= 0
 (3 -> 4) if y > 0
 (3 -> 5) if y <= 0
 (4 -> 7)
 (5 -> 7)
 (6 -> 7)
 There are 3 execution paths in total for this CFG to cover all 3
possible outcomes.
White Box Testing Techniques –Path Testing
White Box Testing Techniques –Path Testing
 A path represents the execution path inside a function.
 If a function has 2 decisions , then there are 22 = 4 paths.
 A decision is a statement which can have two branches.
 In case, there is a loop statement the number of paths is possibly
infinite. Here we use cyclomatic complexity to determine the least
number of path to tests as we cannot test infinite number of paths.
 McCabe’s Cyclomatic Complexity is used in path testing.
 C = Edges - Nodes + 2
 It is a structural testing method that uses the source code of a
program to find every possible executable path.
White Box Testing Techniques –Path Testing
 Let’s look at our CFG example once more.
 There are 8 edges (8 arrows) and 7 nodes.
 We have a Cyclomatic Complexity of 8 - 7 + 2 = 3. This means there
are 3 linearly independent paths through the program.
White Box Testing Techniques –Branch Coverage
 A branch refers to the outcome of a decision. It is easy to
understand if we look at following statement :
IF X> 2
 The above statement has 2 outcomes- True or False. Each one of them
is referred to as a branch.
 Branch coverage refers to the percentage of branches covered in a
piece of code with respect to total number of available branches.
 Branch Coverage (%) = (Number of branches executed / Total
number of branches) * 100%
White Box Testing Techniques –Branch Coverage
 Let’s Understand that with an example,
 Function GiftAmount(Condition1, Condition2, Condition3)
 {
 If(Condition1=TRUE)
Amount = 10000;
If(Condtion2= TRUE)
Amount = Amount+5000;
If(Condition3= TRUE)
Amount= Amount – 3000;
Return Amount;
}
White Box Testing Techniques –Branch Coverage
 There are 2 IF statements so each IF has 2 branches.
 So for above example : GiftAmount(True,True,True) is called so this
call will cover 4 branches.
 And if we call GiftAmount(False,False, False) it will cover 3 new
branches and 1 common branch.
 So all 7 branches will be covered by using two function calls (or test
cases).
White Box Testing Techniques –Loop Testing
 Loops refer to piece of code which can execute multiple times (upto
infinite times) and only get terminated if a condition becomes true.
 Loop testing is a white box testing technique and is used to test loops
in the program.
 Examples of types of loop tested are,
 Simple loop
 Nested loop
 Concatenated loop
 Unstructured loop
White Box Testing Techniques –Loop Testing
 1) Simple Loop
 Testing performed by one simple loop is known as Simple loop testing.
In simple loops normally added “for”, “while” or “do-while” loops in
which we have given condition and loop run and terminates according
to true and false condition result.
 This type of testing is performed basically to test the different
conditions of the loop.
 Below is the syntax of the simple while loop.
White Box Testing Techniques –Loop Testing
 2) Nested Loop
 Testing performed in a nested loop means loops under the loop is
known as Nested loop testing.
 This means a Nested loop is the finite number of loops inside another
loop. It may be for, a while, or a do-while loop. Below is the syntax of
the nested loop.
 Example:
White Box Testing Techniques –Loop Testing
 3) Concatenated Loop
 Testing done using the concatenated loop is known as Concatenated
loop testing.
 In a concatenated loop, one loop is after another loop. It is one type
of loop chain.
 The difference between nested and concatenated is that in the nested
loop one loop is inside the other loop and for Concatenated loop is
one loop after the other loop.
 In the concatenated loops, if two loops are tested as independent of
each other then they both are tested using simple loops or else test
them as nested loops.
White Box Testing Techniques –Loop Testing
 3) Concatenated Loop
White Box Testing Techniques –Loop Testing
 4) Unstructured Loop
 The unstructured loop is the combination of nested loops and
concatenated loops.
 It is basically a collection of loops that are in no order.
 In unstructured loops, the construction of the loops is must be
restructured for representing the use of structured programming
techniques.
 Example:
White Box Testing Techniques –Condition
Coverage

 Condition coverage testing is a type of white-box testing that tests all

the conditional expressions in a program for all possible outcomes of
the conditions.
 It is also called predicate coverage.
 In branch coverage, all conditions must be executed at least once.
 On the other hand, in condition coverage, all possible outcomes of
all conditions must be tested at least once.
White Box Testing Techniques – Condition
Coverage
 For example, consider the code snippet below:

 Branch coverage requires that the condition a > 0 is executed at least

once.
 Condition coverage requires that both the outcomes a > 0 = True and a
> 0 = False of the condition a > 0 are executed at least once.
White Box Testing Techniques –Condition
Coverage
White Box Testing - Advantages
 Thorough Testing : White box testing is thorough as the entire code
and structures are tested.
 Code Optimization: It results in the optimization of code removing
errors and helps in removing extra lines of code.
 Early Detection of Defects: It can start at an earlier stage as it
doesn’t require any GUI (Graphical User Interface).
 Integration with SDLC: White box testing can be easily started in
Software Development Life Cycle.
 Detection of Complex Defects: Testers can identify defects that
cannot be detected through other testing techniques.
White Box Testing - Disadvantages
 Programming Knowledge and Source Code Access: Testers need to
have programming knowledge and access to the source code to
perform tests.
 Overemphasis on Internal Workings: Testers may focus too much on
the internal workings of the software and may miss external issues.
 Bias in Testing: Testers may have a biased view of the software since
they are familiar with its internal workings.
 Test Case Overhead: Redesigning code and rewriting code needs test
cases to be written again.
White Box Testing - Disadvantages
 Dependency on Tester Expertise: Testers are required to have in-
depth knowledge of the code and programming language as opposed
to black-box testing.
 Inability to Detect Missing Functionalities: Missing functionalities
cannot be detected as the code that exists is tested.
 Increased Production Errors: High chances of errors in production.
Grey Box Testing -Introduction
 The Gray Box Testing is a combination of Black Box and White Box
Testing.
 The internal structure is partially known in Gray Box Testing.
 This includes access to internal data structures and algorithms to
design the test cases.
 Gray Box Testing is named so because the software program is like a
semitransparent or gray box inside which the tester can partially see.
 It commonly focuses on context-specific errors related to web
systems.
 Some tools & framework available for Grey Box testing are
BrowserStack, Selenium, Chrome DevTools, PostMan, Junit, NUnit
Grey Box Testing -Examples
 Web Application: User Login and Authentication
 Validating the login functionality with partial knowledge of the
authentication mechanism.
 Steps:
 Attempt login with valid and invalid credentials through the UI.
 Check backend logs to ensure proper error handling for invalid login
attempts (for example, no sensitive data leakage).
 Test session handling to confirm that valid tokens are issued and expired
after logout.
 Perform a security test to ensure brute force protection mechanisms are
in place.
 The purpose is to validate the functionality and security of the login
process by leveraging knowledge of authentication flows.
Grey Box Testing -Examples
 Mobile App: File Upload Feature
 Testing the file upload functionality with knowledge of server-side file
processing.
 Steps:
 Upload different types of files (valid and invalid formats) through the
mobile app interface.
 Monitor server-side processing to ensure proper validation and storage of
uploaded files.
 Check for error messages in the UI for invalid file formats.
 Confirm that uploaded files are securely stored and accessible only to
authorized users.
 The purpose is to ensure the file upload feature works correctly and
securely while maintaining proper communication between the client and
server.
Grey Box Testing -Types
Grey Box Testing - Types
 Matrix Testing
 Orthogonal Array Testing
 Regression Testing
 Pattern Testing
Grey Box Testing Types – Matrix Testing
 This testing technique comes under Grey Box testing.
 It defines all the used variables of a particular program. In any
program, variable are the elements through which values can travel
inside the program.
 It should be as per requirement otherwise; it will reduce the
readability of the program and speed of the software.
 Matrix technique is a method to remove unused and uninitialized
variables by identifying used variables from the program.
 In this technique, technical and business risks are defined by the
developers and a list of all application variables are provided. Each
variable is then assessed according to the risks it presents. You can
use this technique to identify unused or un-optimized variables.
Grey Box Testing Types – Regression Testing
 Regression testing is used to verify that modification in any part of
software has not caused any adverse or unintended side effect in any
other part of the software.
 During confirmation testing, any defect got fixed, and that part of
software started working as intended, but there might be a possibility
that fixed defect may have introduced a different defect somewhere
else in the software.
 So, regression testing takes care of these type of defects by testing
strategies like retest risky use cases, retest within a firewall, retest
all, etc.
Grey Box Testing Types – Orthogonal Array
Testing (OAT)
 The purpose of this testing is to cover maximum code with minimum
test cases.
 Test cases are designed in a way that can cover maximum code as well
as GUI functions with a smaller number of test cases.
 Orthogonal array testing is a technique you can use when your
application has only a few inputs that are too complex or large for
extensive testing.
 This technique enables you to perform test case optimization, where
the quality and number of tests performed balance test coverage with
effort.
 This technique is systematic and uses statistics to test pair-based
interactions.
Grey Box Testing Types – Pattern Testing
 Pattern testing is applicable to such type of software that is
developed by following the same pattern of previous software.
 In these type of software possibility to occur the same type of
defects. Pattern testing determines reasons of the failure so they can
be fixed in the next software.
 Pattern testing is a technique that evaluates past defects to identify
patterns that lead to defects.
 Ideally, these evaluations can highlight which details contributed to
defects, how the defects were found, and how effective fixes were.
 You can then apply this information to identifying and preventing
similar defects in new versions of an application or new applications
with similar structures.
Grey Box Testing -Techniques
 1. Boundary Value Analysis
 2. Decision Table Testing
 3. State Transition Testing
Grey Box Testing Techniques – Boundary Value
Analysis
 The boundary value analysis technique tests the input values on or
within the boundary of a specific range for the system’s input domain.
 If you enter any value beyond this range, your system gives error
messages or unexpected behavior.
 The system’s program can’t handle cases when you enter an
unexpected input value, and it shows an error.
 You can further divide this technique into two categories – inner
boundary testing and outer boundary testing.
 For the inner boundary, you have to enter values within the range. So,
it will give a positive outcome.
 For the outer boundary, you need to enter values beyond the ranges.
That will give a negative outcome and a result of test failure.
Grey Box Testing Techniques – Boundary Value
Analysis
 For example, your system takes input between 1 and 50. When you
give a value of 1 or 50, or between these two numbers, your test has
passed. It is inner boundary testing.
 On the other hand, when you enter values like 0 or 51 or other
integers, your test becomes unsuccessful. So it’s outer boundary
testing.
 A common application of this testing is your mobile number field in
any app or web. This field only allows entering the integers
between 0 and 9. The system will show an error message if you
enter 10 or other integers.
Grey Box Testing Techniques – Decision Table
Testing

 With decision table testing, you must test your system’s behavior
according to the multiple inputs. This total procedure will be
captured in the form of a table.
 That means the table shows the inputs and their respective outputs.
 A loan amortization table is a practical example of decision table
testing. You must enter the inputs – year (annual)/ month (monthly),
total interest, and principal amount within your online loan EMI
calculator.
 The calculator will present these inputs and their corresponding
outputs (outstanding balances) in a tabular format.
Grey Box Testing Techniques – State Transition
Testing
 State transition testing checks the behavior of an application when it
goes through different states and transitions.
 A state indicates a condition or set of conditions under which you
must perform the testing.
 The transition indicates the change from one condition to another
condition.
 This testing aims to identify whether the system behaves as expected
within all the possible states and transitions.
 So, you must prepare the test cases to verify the states and check the
transitions are happening without any bottleneck.
Grey Box Testing -Techniques

 For example, when you pay any bill through your mobile banking
application, you have to test the following states –
 Verifying your bill details and the biller’s name
 Initializing the payment with the ‘Proceed to pay’ button’
 Choosing a payment method
 Entering security credentials (PIN/ CVV number, etc.)
 Payment confirmation
 So, the transition path will be –
 Verifying bill and the details of the biller> initializing payment >
choosing payment method > entering security credentials > payment
confirmation.
Grey Box Testing - Advantages
 Clarity of goals: It helps in keeping testers and developers separate,
which reduces any disagreement between them.
 Done from user perspective: Gray box testing is mostly done by the
user perspective.
 High programming skills not required: Testers are not required to
have high programming skills for this testing.
 Non-intrusive: Gray box testing is non-intrusive as it is based on
functional specification, architectural view whereas not on source
code or binaries which makes it invasive too.
 Improved product quality: Overall quality of the product is improved.
 Instant Fixing: It results in the instant fixing of the issues as a tester
can change the partially available code to check for the results.
Grey Box Testing - Advantages
 Defect fixing: In gray box testing, developers have more time for
defect fixing.
 Benefits of black box and white box testing: By doing gray box
testing, benefits of both black box and white box testing is obtained.
 Unbiased: Gray box testing is unbiased. It avoids conflicts between a
tester and a developer.
 Effective testing: Gray box testing is much more effective in
integration testing.
Grey Box Testing - Disadvantages
 Difficulty in defect association: Defect association is difficult when
gray testing is performed for distributed systems.
 Limited access to internal structure: Limited access to internal
structure leads to limited access for code path traversal.
 Source code not accessible: While doing grey box testing, testers do
not have access to the source code, so it becomes difficult to get
complete code path coverage and testers might fail to notice some
critical vulnerabilities.
 Not suitable for algorithm testing: Gray box testing is not suitable for
algorithm testing as accessing the complete logic of the algorithms is
not possible.
 It is usually not suitable for distributed systems.
White box V/s Grey Box Testing