Netsparker Web Application Security Scanner

What is a White Box Testing?

In the previous Software Testing Class I have explain about Black Box testing. In this section I am introducing the What is White Box Testing, What do you verify in White Box Testing, White box testing techniques, white box testing definition, types of white box testing, white box testing example, advantages and disadvantages of white box testing etc.

White Box Testing (WBT) is also known as Code-Based Testing or Structural Testing. White box testing is the software testing method in which internal structure is being known to tester who is going to test the software.

White Box Testing Definition:

Testing based on an analysis of the internal structure of the component or system.

In this method of testing the testcases are calculated based on analysis internal structure of the system based on Code coverage, branches coverage, paths coverage, condition Coverage etc.

White Box Testing

White Box Testing

White box testing involves the testing by looking at the internal structure of the code & when you completely aware of the internal structure of the code then you can run your test cases & check whether the system meet requirements mentioned in the specification document. Based on derived test cases the user exercised the test cases by giving the input to the system & checking for expected outputs with actual output. In this is testing method user has to go beyond the user interface to find the correctness of the system.

Typically such method are used at Unit Testing of the code but this different as Unit testing done by the developer & White Box Testing done by the testers, this is learning the part of the code & finding out the weakness in the software program under test.

For tester to test the software application under test is like a white/transparent box where the inside of the box is clearly seen to the tester (as tester is aware/access of the internal structure of the code), so this method is called as White Box Testing.

The White-box testing is one of the best method to find out the errors in the software application in early stage of software development life cycle. In this process the deriving the test cases is most important part. The test case design strategy include such that all lines of the source code will be executed at least once or all available functions are executed to complete 100% code coverage of testing.

What do you verify in White Box Testing ?

In the White box testing following steps are executed to test the software code:

  • Basically verify the security holes in the code.
  • Verify the broken or incomplete paths in the code.
  • Verify the flow of structure mention in the specification document
  • Verifyt the Expected outputs
  • Verify the all conditional loops in the code to check the complete functionality of the application.
  • Verify the line by line or Section by Section in the code & cover the 100% testing.

Above steps can be executed at the each steps of the STLC i.e. Unit Testing, Integration & System testing.

In the White Box Testing verify the flow of the application. The pre designed test cases are executed with the help of input data & compare the output with the expected one & found mismatch if any means you found a bug.

White Box Testing Techniques

Here are some white box testing techniques used in White Box Testing?

In the White box testing the Code Coverage analysis is main part.
Code Coverage analysis helps to identifying the gaps in a test case suite. It allows you to find the area in the code to which is not executed by given set of test cases. Upon identifying ht gaps in the test case suite you can add the respective test case. So it helps to improve the quality of the software application.

In the market lots of white box testing tools are available to perform Code Coverage analysis. Here are some White Box Testing Techniques

Statement Coverage:
In this white box testing technique try to cover 100% statement coverage of the code, it means while testing the every possible statement in the code is executed at least once.
Tools: To test the Statement Coverage the Cantata++ can be used as white box testing tool.

Decision Coverage:
In this white box testing technique try to cover 100% decision coverage of the code, it means while testing the every
possible decision conditions like if-else, for loop and other conditional loops in the code is executed at least once.
Tools: To cover the Decision Coverage testing in the code the TCAT-PATH is used. This supports for the C, C++ and Java applications.

Condition Coverage:
In this white box testing techniquie try to cover 100% Condition coverage of the code, it means while testing the every possible conditions in the code is executed at least once.

Decision/Condition Coverage:
In this mixed type of white box testing technique try to cover 100% Decision/Condition coverage of the code, it means while testing the every possible Decisions/Conditions in the code is executed at least once.

Multiple Condition Coverage:
In this type of testing we use to cover each entry point of the system to be execute once.

In the actual development process developers are make use of the combination of techniques those are suitable for there software application.

Using above mentions testing white box testing techniques the 80% to 90% code coverage is completed which might be sufficient with white box testing.

How do you perform White Box Testing?

Let take a simple website application. The end user is simply access the website, Login & Logout, this is very siple and day 2 days life example. As end users point of view user able to access the website from GUI but inside there are lots of things going on to check the internal things are going right or not, the white box testing method is used. To explain this we have to divide this part in two steps. This is all is being done when the tester is testing the application using White box testing techniques.


The first & very important steps is to understand the source code of the application is being test. As tester should know about the internal structure of the code which helps to test the application. Better knowldge of Source code will helps to indentify & write the important test case which causes the security issues & also helps to cover the 100% test coverage. Before doing this the tester should know the programming languange what is being used in the developing the application. As security of application is primary objective of application so tester should aware of the security concerns of the project which help in testing. If the tester is aware of the security issues then he can prevents the security issues like attacks from hackers & users who are tring to inject the macious things in the application.

In the second step invovles the actual writing of test cases based on Statement/Decision/Condition/Branch coverage & actual execution of test cases to cover the 100% testing coverage of the software appliction. The Tester will write the test cases by diving the applications by Statement/Decision/Condition/Branch wise. Other than this tester can include the trial and error testing, manual testing and using the Software testing tools as we covered in the previous article.

Advantages and Disadvantages of White Box Testing:

Advantages of White Box Testing –

  • To start the testing of the software no need to wait for the GUI, you can start the White Box Testing.
  • As covering all possible paths of code so this is a thorough testing.
  • Tester can ask about implementation of each section, so it might be possible to remove unused lines of code which might be causing introduction of bug.
  • By executing equivalence use to approximates the partitioning.
  • As the tester is aware of internal coding structure, then it is helpful to derive which type of input data is needed to testing software application effectively.
  • White box testing allows you to help in the code optimization.

Disadvantages of White Box Testing –

  • To test the software application a highly skilled resource is required to carry out testing who know the deep knowledge of internal structure of the code which increase the cost.
  • Update test script is required if changing the implementation too frequently.
  • If the application under test large is size then exhaustive testing is impossible.
  • It is not possible for testing each and every path/condition of software program, which might miss the defects in code.
  • White box testing very expensive type of testing.
  • To analyze each line by line or path by path is nearly impossible work which may introduce or miss the defects in the code.
  • To test each paths or conditions may require different input conditions, so to test full application tester need to create fill range of inputs which may be a time consuming.
If you have any questions or add your valuable comments then please add in the below comments section. Your comments are always appreciated.
White Box Testing is contrasted with Black Box Testing. I will cover the “Differences between Black Box Testing and White Box Testing” in the next article.

27 comments to What is a White Box Testing?

  • Kranthi

    Nice article on White box testing, your posts gives me motivation to keep on my intention to create a blog one day. thank you for all

  • Vikas.P

    Can you please share the automation tools used for white box testing????? please

  • Biplab

    I am a fresher in testing field, Can you please any one send material for software testing (manual) and list of frequently asked interview questions?

    Thanks in advance-

  • Tejaswini H

    I think white box testing is not better in large application. I personally prefer black box testing better.

  • Claudirene

    this post was really awesome, congratulations and thank you very much for sharing it with us.

  • Erundina

    i find it very interesting and learning. thanks for posting anyway.


    Clearly focused on white-box testing . Nice article.

  • Dinesh

    i agree. thanks

  • Suppriya N

    Great post, Kanif. I think I will use these ideas to generate some conversation real life. Thanks for sharing nice tips!!

  • Rakesh M

    Its very good those who recently started their career in testing…..!

  • Smith Royan

    articles are very useful to me to understanding the things in a clear way. keep sending always

  • sathish b

    This is one of the excellent post.Your blog information is very classic and good.I like this post.

  • Roshna

    nice one… its very good for new Testers
    Thanks a lot….

  • Dalwinder sandhu

    nice testing..i agree .thanks

  • saurabh kr.

    I am a software developer having 3+ years of experience in development. i have much more interest in white box as i know the coding part being as a developer. Now i am very keen to work as a white box tester. Please guide me for this so that i can start and make my further career in white box.

    Thanks in Advance 🙂

  • mahesh

    can you explain the techniques by making some examples

  • Nila

    I am also a fresher in testing field, Can you please any one send material for software testing (manual & automation) and list of frequently asked interview questions?

  • kundan singh

    *Thank you*

  • Sunar

    Thanks very usefull

  • Ajay

    Nice article.

  • Naresh gupta

    you wrote bymistake Waterfall model instead of WhiteBox Testing during discussion of advantage or disadvantage of WBT and also miss third point in advantage of WBT. Please correct it.

  • krishnan

    I am a fresher in testing field, Can you please any one send material for software testing (manual & automation)

    • P.Krishan

      Did You Got it

    • Reddy L.

      Hi Krishan/Krishnan,

      I subscribed to Software Testing Class and I received the FREE eBook. This eBook is awesome and it is very much helpful freshers like you.

      Subscribe and get your copy:)

      Reddy L.

  • anju

    can u give the source code plzz!!

  • Kajol Madhavan

    can you please explain the white box testing and it’s real time implemention.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>