White Box Testing: When and How to Apply It

To better understand the scope of vulnerabilities built within an application, you need to design and apply the proper test scenarios. Wizeline Software Engineer in Test, Jorge Gonzalez, shares when and how to apply the White Box Testing method.

When developing a software application, there are times when we need to think and design test scenarios that will give us the full scope of vulnerabilities and bugs built within an app.

However, as the usual approach to testing becomes an exchange of input data and expected outputs, it behaves more like a “Black Box,” where (for the test execution purposes) the internal process is unknown, and only focus is on the data and expected results.

As long as this approach is practiced, it sometimes generates “blind spots” of how the application works and how it is supposed to be. This is when White Box Testing comes into the picture. But first, let’s explain a little bit of what is this approach is all about.

White Box Testing (also known as Clear Box and Structural Testing) is a method of software testing that tests internal structures or workings of an application. Though this method of test design can uncover many errors or problems, it can miss unimplemented parts of the specification or missing requirements [1].

Levels of Testing

The basic levels of testing include:

1. Unit testing

White-box testing is done during Unit testing to ensure that the code is working as intended before any integration happens with previously tested code. White-box testing during Unit testing helps find any defects early on, and aids in preventing any defects that occur later on after the code is integrated with the rest of the application, and therefore prevents any errors later.

2. Integration testing

White-box testing at this level is written to test the interactions of interfaces with each other. Unit-level testing makes sure that each code is tested and working as needed in an isolated environment. On the other hand, Integration testing helps to determine the correctness of the behavior in an open environment through the use of White Box testing for any interactions of interfaces that are known to the programmer.

3. Regression testing

White box testing during Regression testing is the use of recycled White-box test cases at the unit and integration testing levels. [2]

How to Apply It 

To apply the various testing strategies:

1. Understand the source code

At first glance, this seems very logical but is not very clear most of the time. When working with the codebase, we need to verify all the possible paths and loops that a single module/function follows through the code execution. This technique is known as Code Analysis.” Although we can achieve this manually, there are some tools like “Fortify Scan or “Sonarqubethat can give us an automated approach over the source code. [3]

2. Design and execution of test cases

There are many approaches to define a White-box test suite. However, one of the most effective strategies is “Divide and Conquer,” we can start testing small modules or functions, applying the next set of techniques:

1. Branch coverage: Verifies every possible path (if-else and conditional loops) of the application.

2. Statement coverage: Requires that every statement of the code to be tested at least once.

By using Statement and Branch coverage, we can achieve between 80% to 90% of code coverage, which is sufficient.

White Box Testing is very helpful when you are adopting a Shift Left Testing approach when involving all the Development team in the Testing design and automation effort. This approach can help take the quality of ownership to the next level.

Our team can recommend custom solutions for application management and different testing scenarios. Visit to learn more or contact us here.

By Jorge Gonzalez Pliego, Software Engineer in Test
By Jorge Gonzalez Pliego, Software Engineer in Test

Nellie Luna

Posted by Nellie Luna on January 8, 2020