Software errors are a fact of life. It is impossible to achieve error-free software, because a programmer cannot write error-free code every time. Testing is therefore very important for finding bugs, and it takes a lot of effort to make software error free. This paper introduces white-box testing: how to execute it, the tools and techniques suited to it, and white-box testing for security. It describes white-box testing, the strategy and plan for testing, and the testing tools and techniques for white-box testing.
Black-box (functional) testing and white-box (structural) testing are the two main approaches to software testing. In black-box testing, the software is tested over functional inputs and the outputs are observed for correctness. What is inside the box does not matter. Black-box testing has many advantages, but it is not enough. In real life there are too many different types of input to a system, so it is sometimes impossible to run all the test cases. In black-box testing it is also impossible to verify whether portions of the code have been executed. One solution to this problem is white-box testing. White-box testing is performed based on the internal structure of the application, so knowledge of the application code and internal structure is required. It can be performed at any time in the software development life cycle after the code is developed, because it requires access to the internal structure of the application. White-box testing includes risk analysis, data-flow analysis, control flow and exception handling to find errors and to test the behavior of the software application. In white-box testing the tester has to analyze design documents, source code and so on. The tester has the ability to think through test cases and has knowledge of all the testing tools and techniques. For security testing the tester has to think as an attacker. White-box security testing can be defined as an approach to validate the developed security functionalities. Gerald D. Everett and Raymond McLeod, in their book Software Testing: Testing Across the Entire Software Development Life Cycle, make clear that the tester should have an idea of the fundamental principles of software testing.
To perform white-box testing, the tester first has to perform risk analysis to outline the entire testing process. The testing strategy is the second stage; it defines what activities are needed to achieve the testing goals. After that the tester has to develop a test plan that arranges the testing process. Preparing the test environment, executing the test cases and reporting the test results are the last three stages of white-box testing.
The objective of risk analysis is to identify the specific threats that exist for the software. White-box testing should be based on structural design and design-level risk analysis. Risk analysis helps to identify the threats present in components, the likelihood of each risk and the failure rate of the software application. Risks identified in risk analysis are ordered by priority, and effort is focused on the high-risk areas. To achieve the target within time and budget, testers should design the testing strategy properly.
There are different types of techniques for performing white-box testing: (1) data flow analysis, (2) code-based fault injection, (3) trust boundaries mapping, (4) code coverage analysis and (5) fuzzing. Code coverage analysis is described below. In statement coverage the tester checks all statements that lie on the path of the program code. In branch coverage all edges should be tested. For example, an if statement has two edges, the 'then' branch and the 'else' branch. Branch coverage corresponds to decision coverage, in which every decision is evaluated to both True and False. In path coverage testing, all independent paths through the code are tested. An independent path is any path through the code that introduces at least one new condition. A path represents the flow of execution from the start point to the end point of a method. The number of possible paths to cover can be found from the cyclomatic complexity. Cyclomatic complexity is a software metric that gives the logical complexity of a program. It is defined as E - N + 2, where E is the number of edges and N is the number of nodes. Path coverage is easy to understand using the flow graph, which shows the logical control of the program code. The flow graph is drawn with a simple notation in which each circle represents a node and each arrow represents an edge. In condition coverage, every edge of the code's control flow is passed through and all possible values of the Boolean sub-expressions of the program are executed at least once. It is better than edge coverage because sometimes, if the statement does not apply because of a condition or object value, the branch is not entered.
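The E - N + 2 formula and the notion of independent paths can be worked through on a small flow graph. The following is an added example, not code from the original paper: the graph models a hypothetical access check (node names are constructed), is assumed to be acyclic, and the basis is chosen greedily by keeping each path that adds an edge not yet covered.

```python
# Constructed flow graph for a hypothetical access check (not from the paper):
#   auth?  -> no: deny_unauth, yes: priv?
#   priv?  -> yes: allow,      no: deny_unpriv
CFG = {
    "auth?": ["deny_unauth", "priv?"],
    "deny_unauth": ["exit"],
    "priv?": ["allow", "deny_unpriv"],
    "allow": ["exit"],
    "deny_unpriv": ["exit"],
    "exit": [],
}

def cyclomatic_complexity(cfg):
    """E - N + 2 for a single-entry, single-exit flow graph."""
    edges = sum(len(successors) for successors in cfg.values())
    return edges - len(cfg) + 2

def all_paths(cfg, node, end, path=()):
    """Enumerate entry-to-exit paths depth first (acyclic graph assumed)."""
    path = path + (node,)
    if node == end:
        yield path
        return
    for nxt in cfg[node]:
        if nxt not in path:
            yield from all_paths(cfg, nxt, end, path)

def basis_paths(cfg, start, end):
    """Keep a path only if it covers at least one edge not seen so far."""
    seen, basis = set(), []
    for p in all_paths(cfg, start, end):
        path_edges = set(zip(p, p[1:]))
        if path_edges - seen:
            basis.append(p)
            seen |= path_edges
    return basis

def uncovered_edges(cfg, executed_paths):
    """Edges of the flow graph that no executed test path passed through."""
    all_edges = {(a, b) for a, successors in cfg.items() for b in successors}
    hit = {e for p in executed_paths for e in zip(p, p[1:])}
    return sorted(all_edges - hit)

if __name__ == "__main__":
    print("V(G) =", cyclomatic_complexity(CFG))
    for p in basis_paths(CFG, "auth?", "exit"):
        print(" -> ".join(p))
    happy_path_only = [("auth?", "priv?", "allow", "exit")]
    print("untested:", uncovered_edges(CFG, happy_path_only))
```

A suite that exercises only the allow path leaves both deny edges untested, which is exactly the gap branch and path coverage are meant to expose in security-relevant checks.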
Recent Developments in White-box Testing Techniques
Nowadays many companies are doing research on automated testing tools for white-box testing. Automated testing automates the manual testing process. Automated testing tools have many advantages. They run faster than human users, so more tests can be run in less time. They perform the same operation each time the code runs, which reduces human error. Many popular automation tools are available, such as HP QuickTest Professional, TestComplete and Rational Robot. Recently Microsoft developed Pex and Moles for white-box unit testing of .NET applications. Pex analyzes the code at run time and generates tests automatically. It analyzes if statements, assertions and exception errors, and then generates values for the tests. It also fixes the problems it encounters. Pex can also run with NUnit and MbUnit, which are unit testing frameworks for all .NET languages. Pex generates test cases that achieve high code coverage. Moles is also a very useful tool. It allows any function to be replaced with delegates, and it provides drivers and stubs for unit testing. It is a very powerful tool for finding boundary conditions and assertion failures, and an excellent tool for making code better. TestComplete is also a very useful tool for white-box testing techniques. It is developed by SmartBear Software and helps save time in creating test cases. Some tools support only certain frameworks. TestComplete is one of the testing tools that supports any kind of application with any framework. It can perform tests to verify code and to analyze databases and server performance. TestComplete is very useful in regression testing when the code of an application is modified.
The main features of TestComplete are: (1) Keyword Testing, (2) Full-Featured Test Editor, (3) Test Record and Playback, (4) Script Debugging Features, (5) Unicode Support, (6) Issue-Tracking Support and (7) Test Visualize. Nowadays many companies launch automated testing tools that help to reduce time and cost and to increase software efficiency. In automated testing the tester has knowledge of writing macros and scripts to execute test cases. In some fully developed testing tools, however, there is little need to write scripts to execute test cases, which is very useful for reducing time and human effort.
White-box testing is a very important kind of testing for finding faults. Many bugs can be removed using this technique if the classifications of bugs are more controllable. The technique has many advantages and also disadvantages. It helps to optimize the code and to remove extra lines of code. The disadvantage is that this type of testing requires more skilled testers, because knowledge of the code is required, which increases the cost. In addition, it is impossible to cover every line of code to find hidden bugs, so problems sometimes remain and the result can be a crash of the application. The advantages outweigh the disadvantages, so white-box testing is very useful for achieving error-free software.