Page 127 - SOFTWARE TESTING & QUALITY ASSURANCE
Gray Box Testing
This testing strategy is a combination of both white box and black box testing. The purpose of Gray box
Web site testing is to isolate defects related to bad design or bad implementation of the Web site. In gray
box testing, the test engineers should have the knowledge or understanding of the Web site and should
be able to design test cases or test data based on their knowledge about the Web site.
Consider a case wherein you need to test a Web site whose functionality is to
take users’ personal details like email id/address and field of interest on the
Web form and submit them.
The server will get these personal details and, based on the field of interest,
will pick some articles and mail them to the user’s email id/address. The
validation of the email will happen at the client side using JavaScript.
In this case you can test the Web form with valid/invalid email addresses and
different fields of interest (similar to the black box testing) to make sure that
the Web site is working fine.
However, as in white box testing, you also need to analyze how the Web site
identifies invalid mail IDs, how it restricts sending mail to invalid IDs,
and how the server will not receive notice of any failure messages which
have been sent to the client.
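The email-form case above written as a gray box test, in an added example that is not part of the original text. The handler, the validator, the interest list and all sample inputs are hypothetical and constructed, and the 254-character length limit is an assumption.

```javascript
// Added example; every name and sample value here is constructed.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const KNOWN_INTERESTS = ["security", "testing", "networks"];

// Client-side check, as the form's script would run it before submit.
function clientValidateEmail(email) {
  return typeof email === "string" && EMAIL_RE.test(email);
}

// Server-side handler under test. It re-validates every field, because a
// request sent without the browser never runs clientValidateEmail().
function handleSubscribe(body, outbox) {
  const email = body.email;
  // The 254-character limit is an assumption of this example.
  const emailOk = typeof email === "string" && email.length <= 254 &&
    EMAIL_RE.test(email);
  if (!emailOk || !KNOWN_INTERESTS.includes(body.interest)) {
    return { status: 400, queued: false };
  }
  outbox.push({ to: email, topic: body.interest });
  return { status: 200, queued: true };
}

// Gray box cases: designed from the knowledge that validation lives in the
// browser, so each one is passed straight to the handler.
function runGrayBoxCases() {
  const cases = [
    { email: "reader@example.com", interest: "testing", expect: 200 },
    { email: "reader.example.com", interest: "testing", expect: 400 },
    { email: "reader@", interest: "testing", expect: 400 },
    { email: "rea der@example.com", interest: "testing", expect: 400 },
    { email: ["reader@example.com"], interest: "testing", expect: 400 },
    { email: "reader@example.com", interest: "unknown", expect: 400 },
  ];
  return cases.map((c) => {
    const outbox = [];
    const res = handleSubscribe(c, outbox);
    // A rejected request must also leave the outbox empty (no mail queued).
    const mailOk = outbox.length === (res.status === 200 ? 1 : 0);
    return {
      input: String(c.email),
      pass: res.status === c.expect && mailOk,
      clientWouldBlock: !clientValidateEmail(c.email),
    };
  });
}

console.log(runGrayBoxCases());
```

The last case is one the client-side check would let through, so only the server-side test catches it.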
While performing Gray box testing for Web sites, following the seven steps given below would prove
useful:
1. Identifying Threats to the Application: The profile of a threat is created to help the testing team
to study the application’s functions and features in detail.
2. Analyzing the Technical Architecture: The technical architecture, which is the most important
feature in gray box testing, should be analyzed. The various aspects of authentication,
application components, interfacing with external systems, user session tracking and database
interfaces are to be studied.
3. Analyzing Application Parameters: Various application parameters or variables that are used for
exchanging information with the web server should be identified and analyzed.
4. Mapping Application Parameters to Threats: If there are any threats with regard to the above
parameters, they are marked for testing. For example, in an internet banking application where
funds are transferred from one account to another, the variables such as session ID have to be
verified at each transaction point.
5. Developing Test Cases: Develop the test cases to test both the structural and functional aspects of
the Web application.
6. Executing Test Cases: Use appropriate tools (manual/automated tools) to execute the developed
test cases.
7. Reporting and Documenting the Results: After executing the test cases, report the results. The
results are documented to provide metrics information.
Gray box testing is applicable for Web site testing because it can be performed in a complex design
environment and under inter-operability conditions. The issues which cannot be addressed through
black box or white box testing strategies can be easily addressed through gray box testing.
Gray box testing does not cover context-specific errors of Web applications.
120 LOVELY PROFESSIONAL UNIVERSITY