What is Black Box Testing?

Black box testing is a software testing techniques in which functionality of the software under test
(SUT) is tested without looking at the internal code structure, implementation details and knowledge
of internal paths of the software. This type of testing is based entirely on the software requirements and
specifications.

In Black Box Testing we just focus on inputs and output of the software system without bothering
about internal knowledge of the software program.

The above Black Box can be any software system you want to test. For example : an operating system like
Windows, a website like Google ,a database like Oracle or even your own custom application. Under Black
Box Testing, you can test these applications by just focusing on the inputs and outputs without knowing
their internal code implementation.

Black box testing - Steps

Here are the generic steps followed to carry out any type of Black Box Testing.
 Initially requirements and specifications of the system are examined.
 Tester chooses valid inputs (positive test scenario) to check whether SUT processes them correctly .
Also some invalid inputs (negative test scenario) are chosen to verify that the SUT is able to detect them.
 Tester determines expected outputs for all those inputs.
 Software tester constructs test cases with the selected inputs.
 The test cases are executed.
 Software tester compares the actual outputs with the expected outputs.
 Defects if any are fixed and re-tested.

Types of Black Box Testing

There are many types of Black Box Testing but following are the prominent ones -
 Functional testing – This black box testing type is related to functional requirements of a system;
it is done by software testers.
 Non-functional testing – This type of black box testing is not related to testing of a specific
functionality, but non-functional requirements such as performance, scalability, usability.
 Regression testing – Regression testing is done after code fixes, upgrades or any other system
maintenance to check the new code has not affected the existing code.

Tools used for Black Box Testing:

Tools used for Black box testing largely depends on the type of black box testing your are doing.
For Functional/ Regression Tests you can use - QTP
For Non-Functional Tests you can use - Loadrunner

Black box testing strategy:

Following are the prominent test strategy amongst the many used in Black box Testing
 Equivalence Class Testing: It is used to minimize the number of possible test cases to an
optimum level while maintains reasonable test coverage.
 Boundary Value Testing: Boundary value testing is focused on the values at boundaries. This
technique determines whether a certain range of values are acceptable by the system or [Link] is very
useful in reducing the number of test cases. It is mostly suitable for the systems where input is within
certain ranges.
 Decision Table Testing: A decision table puts causes and their effects in a matrix. There is unique
combination in each column.

Comparison of Black Box and White Box Testing:

While White Box Testing (Unit Testing) validates internal structure and working of your software
code, the main focus of black box testing is on the validation of your functional requirements.
To conduct White Box Testing , knowledge of underlying programming language is essential. Current
day software systems use a variety of programming languages and technologies and its not
possible to know all of them. Black box testing gives abstraction from code and focuses testing
effort on the software system behaviour.
Also software systems are not developed in a single chunk but development is broken down in
different modules. Black box testing facilitates testing communication amongst
modules (Integration Testing) .
In case you push code fixes in your live software system , a complete system check (black box regression
tests) becomes essential.
Though White box testing has its own merits and help detect many internal errors which may
degrade system performance
Black Box Testing and Software Development Life Cycle (SDLC)

Black box testing has its own life cycle called Software Test Life Cycle (STLC) and it is relative to
every stage of Software Development Life Cycle.
 Requirement – This is the initial stage of SDLC and in this stage requirement is gathered. Software
testers also take part in this stage.
 Test Planning & Analysis – Testing Types applicable to the project are determined. A Test Plan is
created which determines possible project risks and their mitigation.
 Design – In this stage Test cases/scripts are created on the basis of software requirement
documents
 Test Execution- In this stage Test Cases prepared are executed.

What is a White Box Testing?

White Box Testing is the testing of a software solution's internal coding and infrastructure. It focuses
primarily on strengthening security, the flow of inputs and outputs through the application, design and
usability. White box testing is also known as clear, open, structural, and glass box testing.

It is one of two parts of the "box testing" approach of software testing. Its counter-part, blackbox
testing, involves testing from an external or end-user type perspective. On the other hand, Whitebox
testing is based on the inner workings of an application and revolves around internal testing. The term
"whitebox" was used because of the see-through box concept. The clear box or whitebox name symbolizes
the ability to see through the software's outer shell (or "box") into its inner workings. Likewise, the "black
box" in "black box testing" symbolizes not being able to see the inner workings of the software so that only
the end-user experience can be tested
 What do you verify in White Box Testing ?

White box testing involves the testing of the software code for the following:
 Internal security holes
 Broken or poorly structured paths in the coding processes
 The flow of specific inputs through the coding infrastructure
 Expected output
 The functionality of conditional loops
 Testing of each statement, object and function on an individual basis

The testing can be done at system, integration and unit levels of software development. One of the basic
goals of whitebox testing is to verify a working flow for an application. It involves testing a series of
predefined inputs against expected or desired outputs so that when a specific input does not result in the
expected output, you have encountered a bug.

How do you perform White Box Testing?

To give you a simplified explanation of white box testing, we have divided it into two basic steps. This is
what testers do when testing an application using the white box testing technique:

STEP 1) UNDERSTAND THE SOURCE CODE

The first thing a tester will often do is learn and understand the source code of the application. Since white
box testing involves the testing of the inner workings of an application, the tester must be very
knowledgeable in the programming languages used in the applications they are testing. Also, the testing
person must be highly aware of secure coding practices. Security is often one of the primary objectives of
testing software. The tester should be able to find security issues and prevent attacks from hackers and
naive users who might inject malicious code into the application either knowingly or unknowingly.

Step 2) CREATE TEST CASES AND EXECUTE

The second basic step to white box testing involves testing the application’s source code for proper flow and
structure. One way is by writing more code to test the application’s source code. The tester will develop
little tests for each process or series of processes in the application. This method requires that the tester
must have intimate knowledge of the code and is often done by the developer. Other methods include
manual testing, trial and error testing and the use of testing tools as we will explain further on in this
article.

White Box Testing Techniques

A major White box testing technique is Code Coverage analysis. Code Coverage analysis, eliminates gaps
in a test case [Link] identifies areas of a program that are not exercised by a set of test [Link] gaps
are identified, you create test cases to verify untested parts of code, thereby increase the quality of the
software product
There are automated tools available to perform Code coverage analysis. Below are a few coverage analysis
techniques

Statement Coverage This technique requires every possible statement in the code to be tested at
least once during the testing process. Tools: An example of a tool that handles statement coverage for C+
+ applications is Cantata++
Branch Coverage – This technique checks every possible path (if-else and other conditional loops) of a
software application. Tools: An example of a tool that handles branch coverage testing for C, C++ and Java
applications is TCAT-PATH

Apart from above, there are numerous coverage types such as Condition Coverage, Multiple
Condition Coverage, Path Coverage, Function Coverage [Link] technique has its own merits and
attempts to test (cover) all parts of software code.
 Using Statement and Branch coverage you generally attain 80-90% code coverage which is
sufficient.

Types of White Box Testing

White box testing encompasses several testing types used to evaluate the usability of an application, block
of code or specific software package. There are listed below --

Unit Testing : It is often the first type of testing done on an application. Unit testing is performed on each
unit or block of code as it is developed.
Unit testing is essentially done by the programmer. As a software developer, you develop a few lines of
code, a single function or an object and test it to make sure it works before continuing
Unit testing helps identify majority of bugs, early in the software development lifecycle. Bugs identified in
this stage are cheaper and easy to fix.

Testing for Memory Leaks : Memory leaks are leading causes of slower running applications. A QA
specialist who is experienced at detecting memory leaks is essential in cases where you have a slow
running software application.
There are many tools available to assist developers/testers with memory leak testing , example , Rational
Purify for windows application

Apart from above a few testing types are part of both black box and white box testing. They are listed as
below –

White Box Penetration Testing: In this testing, the tester/developer has full information of the
application’s source code, detailed network information, IP addresses involved and all server information
the application runs on. The aim is to attack the code from several angles to expose security threats

White Box Mutation Testing: Mutation testing is often used to discover the best coding techniques to use
for expanding a software solution .

Ending Notes:
 White box testing can be quite complex. The complexity involved has a lot to do with the application
being tested. A small application that performs a single simple operation could be white box tested in
minutes, while larger programming applications take days, weeks and even longer to fully test.
 White box testing should be done on a software application as it is being developed, after it is
written and again after each modification

Read more at [Link]