Date Archives February 22, 2018

White Box, Black Box, and Gray Box


In software testing, there are three different types of testing depending on how much knowledge the testers have on the software being tested.

White Box Testing

  • With full knowledge of the software. (internal structures, source codes, etc.)
  • Usually tests how the software performs.
  • Suitable for software developers.

Black Box Testing

  • Without having any knowledge of the software. (internal structures, source codes, etc.)
  • Usually tests for functionality of the software.
  • Suitable for third-party testers.

Gray Box Testing

  • Test with partial knowledge of the software.

Testing Methods


These are currently popular methods to test software.

Fuzz Testing

  • Input massive invalid, unexpected, or random data(Fuzz) to find errors or vulnerabilities in the software.
  • Effective on blackbox testing


Stochastic Testing

  • Input random sequence of datas 


Model-based Testing

  • Generates meaningful test case models which can detect errors on the desired behavior.


Symbolic Testing

  • Replace inputs of program with symbolic variables.
  • Find the feasibility of all paths in the program.
  • Quite expensive for finding feasibility of path.
x = read();
if (x > 3) {
  y = 1;
  if (x < 0)
    y = 2;
} else y = 3;

After changing with symbolic variables, it checks the feasibility of paths. On above example, the expression (y = 2; on line #5) will not be reached.


Concolic Testing (Concrete + Symbolic)

  • Input actual concrete value to the program, then generate new input by changing the path condition.
  • Less expensive then Symbolic testing.