Page 62 - SOFTWARE TESTING & QUALITY ASSURANCE
Unit 4: White Box Testing
A test case was developed to check for an account transfer from an external account to the company’s
account anonymously. In addition, the account and the transaction went through successfully. This
indicated a critical software failure.
Thus, risk assessment identified a weak authentication component in the payment component of the
system. Trust relationship boundaries and data-flow analysis were also conducted on the component.
After thorough testing, it was proved that a hacker could easily gain access to the company’s
administrative accounts where the hacker could redirect transactions from Myway’s account to another.
We can conclude that performing risk analysis and white box testing in specific areas can quickly aid
in revealing the design assumptions and implementation errors. Hence, it is necessary to collect
information about the various bugs in software and analyze them.
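The abuse test case from the case study, sketched as an added example (it is not code from the case study or from the Myway system): a hypothetical `Ledger` payment component with an unauthenticated `transfer_weak` beside a `transfer_checked` that enforces authentication and account ownership, plus a runner that reports which constructed abuse cases still move money. All class, function, user and account names are assumptions.

```python
from collections import namedtuple

# Hypothetical names throughout; user=None models an anonymous caller.
Session = namedtuple("Session", "user authenticated", defaults=(False,))

class AuthError(Exception):
    """Raised when the payment component refuses a caller."""

class Ledger:
    def __init__(self, balances, owners):
        self.balances = dict(balances)   # account -> balance
        self.owners = dict(owners)       # account -> owning user

    def _move(self, src, dst, amount):
        if dst not in self.balances or amount <= 0 or self.balances.get(src, 0) < amount:
            raise ValueError("invalid transfer")
        self.balances[src] -= amount
        self.balances[dst] += amount

    def transfer_weak(self, session, src, dst, amount):
        # Design assumption under test: "the caller was authenticated upstream".
        self._move(src, dst, amount)

    def transfer_checked(self, session, src, dst, amount):
        # The check sits inside the payment component, at the trust boundary.
        if session.user is None or not session.authenticated:
            raise AuthError("unauthenticated transfer rejected")
        if self.owners.get(src) != session.user:
            raise AuthError("caller does not own the source account")
        self._move(src, dst, amount)

# Constructed abuse cases: callers that must never be able to move money.
ABUSE_CASES = {
    "anonymous": Session(user=None),
    "named_but_unauthenticated": Session(user="alice"),
    "authenticated_non_owner": Session(user="mallory", authenticated=True),
}

def run_abuse_cases(method_name):
    """Return the abuse cases whose transfer went through, i.e. the failures."""
    went_through = []
    for name, session in ABUSE_CASES.items():
        ledger = Ledger({"external": 100, "company": 0}, owners={"external": "alice"})
        try:
            getattr(ledger, method_name)(session, "external", "company", 50)
            went_through.append(name)    # no AuthError raised: the money moved
        except AuthError:
            pass                         # rejected, which is the expected outcome
    return went_through
```

An empty list from `run_abuse_cases` means every abuse case was rejected; any name in the list is a failing abuse test of the kind the case study reports.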
Conclusion:
White box testing for security is very necessary and must follow a risk-based approach to balance the
testing effort. Architectural and design-level risk analysis provides the right plan to perform white box
testing.
White box testing can be used with black box testing to improve overall effectiveness of the software
tested, by uncovering programming and implementation errors.
Questions
1. Identify the steps carried out in white box testing for the payment modules.
2. Emphasize the importance of white box testing and discuss abuse test cases.
Adapted from (http://basicqafundamentals.blogspot.com/2011/01/case-study-for-white-box-testing.html)
4.3 Summary
• White box testing gives a better understanding of the intricacies in the software product.
• The aim of white box testing is to ensure that the internal mechanisms of the product work
properly. It helps in code optimization.
• White box testing helps a software tester to analyze the design and code of the software and helps
to have a better understanding of both the black box testing and the white box testing.
• Formal reviews are formal meetings conducted among the programmers to discuss the
design and the code of the software.
• Formal reviews are considered to be the first net, where bugs are captured.
• Peer reviews are conducted among the programmers and testers to review each other’s work.
• Walkthrough is the second stage of formal review, where the programmer explains the meaning of
the code, line by line or function by function, to a team of four to five members.
• Inspections are the most formal process of reviewing, which follow a structured format.
• The participants in the inspection process are called inspectors and perform the task of reviewing
the code backwards, from end to beginning, to ensure that the product has been evenly reviewed.
• The three reasons for adhering to standards and guidelines are Reliability, Readability or
Maintainability and Portability.
• Static white box testing, which examines the code, is considered to be the best means to find
errors early.
• Static analyzers are available in the market to automate the testing approach.
• Compilers are improved by enabling their level of error checking, which helps them to find the
errors in the code review.
LOVELY PROFESSIONAL UNIVERSITY 55