The white box, or glass box testing, method analyzes the structure and flow of the software to unearth design problems that increase bandwidth and CPU usage, delay stimulus-response time and queue lengths, and more. This elements considered are programming language, logic, and styles rather than input and output values.
Some procedures to undertake white-box testing include:
- Control-flow testing, loop testing, and data-flow testing, all which entail mapping the corresponding flow structure of the software to a directed graph. Test cases derived from the program structure cover all the paths at least once and running such tests unearth "dead" or never executed redundant code.
- Mutation testing, or testing to make test cases fail and thereby demonstrate the adequacy of the software. Copy the original code to create many mutated programs, and perturb each copy to create mutants containing one fault, such as a change in syntax or some other error. Apply test cases to both original and each mutant software, and evaluate results. If both original and mutant software returns the same result, the test case is inadequate. If the test case is adequate, it detects some fault in the software, or one mutant code generates a different output than the result of the original software.
Software testing is a costly process, and the method adopted depends on a trade-off between budget, time, and required quality levels. Automated procedures help save time and cost but is difficult to achieve for testing tools lack generic applicability and scalability. Testing stops when reliability meets requirement, or when the benefit from further testing does not justify testing cost.
A good test reveals the usability, robustness, reliability, and overall quality of the product to the stakeholder, and the extent to which it fulfills the project charter. It generates data that allows developing an estimation model on the present reliability and predicts future reliability of the software. Developers and project managers use such tests as a basis to make further improvements or determine the quality level of the software, and security specialists use such tests to identify possible vulnerabilities when preparing a security master plan.