Not Everything is Black and White: Exploring Black-Box, White-Box, and Gray-Box Testing
Black-box, white-box, and gray-box testing are among the most commonly administrated types of testing, but their definitions are often confused or misunderstood by testers, developers, and managers. The following is an overview of these three types of testing:
Black-box testing is an external type of testing, where the tester inputs data into the software, and only sees the output. Black-box testing is usually executed without any knowledge of the internal structure of the software, like the source code or system architecture. Testers perform testing only with knowledge of the specifications, requirements, and how the software is supposed to behave. Usually, black-box testing is performed by users other than the developer, like software testers in a Quality Assurance department or end-users. This type of testing can be done at many levels of testing - system integration testing, system testing, regression testing, and user acceptance testing. A helpful way to visualize black-box testing is testing a piece of electronic equipment with dials, buttons, and switches, and no way to peer inside. This would be considered black-box testing because you are only able to test the equipment externally, and cannot open up the equipment to see the internal wiring and components (i.e. a "black box" preventing someone from seeing what is inside).
White-box testing on the other hand provides a more internal view of the object or software being tested. Therefore, most white-box testing is done by the software developers because of their knowledge of the program logic, source code, and system architecture. Using the analogy of testing the electronic equipment, you would be able to see inside and test the internal wiring (i.e. a "white box" or "clear box" allowing a view inside and access to the internal components). White-box testing is most commonly applied during unit testing, but can also be performed during system intregration testing and system testing. An advantage of white-box testing is that defects can be found and corrected earlier in the SDLC, before software testers have the opportunity to perform black-box testing. White-box testing can reveal errors in the code, broken paths, and possible security exploits.
Finally, gray-box testing is a combination of both black-box and white-box testing, and is performed when the tester can see and understand both the internal and external test objects and software. The tester can then input information with a knowledge of the anticipated results, and verify that the output of data is correct based on the information that was input. Partial knowledge of the internal design can be gained through the use of documents describing the application's internal structure or algorithms and can be applied to test cases. The remainder of the gray-box testing is external, and therefore takes a more black-box focused approach.