Sign up for a free recipe e-book →

Dabbaghi.com

Black Box, White Box, and Gray Box Testing

Published by

Iman Dabbaghi

on

Black Box Testing

What it is: Testing the application without knowledge of its internal code or structure. The tester only sees inputs and outputs.

Focus: Functionality, not implementation.

Key points:

  • Based on requirements and specifications
  • No need to read or understand the source code
  • Common techniques: equivalence partitioning, boundary value analysis, decision tables
  • Often performed by QA engineers or end users

Use it when:

  • Validating user-facing features against requirements
  • Running acceptance testing (UAT)
  • Testing third-party APIs or services with no code access
  • You want unbiased testing, free from implementation assumptions

White Box Testing

What it is: Testing with full knowledge of the internal code, logic, and structure.

Focus: Internal logic, paths, and code quality.

Key points:

  • Requires access to source code
  • Common techniques: statement coverage, branch coverage, path coverage
  • Typically performed by developers
  • Tools: unit testing frameworks (JUnit, pytest, Jest), code coverage tools

Use it when:

  • Writing unit tests
  • Checking edge cases inside complex logic
  • Verifying all code paths are covered
  • Refactoring code and need confidence nothing broke

Gray Box Testing

What it is: A mix of both. The tester has partial knowledge of internals (e.g., database schema, API structure) but tests mostly from a user perspective.

Focus: Integration points and behavior with some internal context.

Key points:

  • Bridges the gap between dev and QA
  • Useful for testing data flow and integration
  • Common in security testing (penetration testing) and integration testing

Use it when:

  • Testing integration between modules or services
  • You need realistic testing but some internal context speeds things up

Quick Comparison

AspectBlack BoxWhite BoxGray Box
Code knowledgeNoneFullPartial
Performed byQA / usersDevelopersQA + some dev knowledge
Test basisRequirementsCode structureBoth
Best forFunctional / acceptance testingUnit testingIntegration / security testing

Black box → „Does it work as expected?“

White box → „Is the code itself correct and well-tested?“

Gray box → „Does it work correctly given what I know about how it’s built?“

Hinterlasse einen Kommentar

Hallo!

I’m Iman

Mein Name ist Iman Dabbaghi. Ich arbeite als Senior Software Engineer in der Schweiz. Außerdem interessiere ich mich sehr für gewaltfreie Kommunikation, Bachata-Tanz und Musik sowie fürs die Persönlichkeitsentwicklung.

Ich habe einen Masterabschluss in Informatik von der Universität Freiburg in Deutschland, bin Spring/Java Certified Professional (OCP), Certified Professional for Software Architecture (CPSA-F) und ein lebenslanger Lernender 🎓.

EN:

My name is Iman Dabbaghi. I work as a Senior Software Engineer in Switzerland. I am also very interessted in nonviolent communication, Bachata dance and music and also for personal development.

I hold a masters degree in computer science from the university of Freiburg in Germany, am a Spring / Java Certified Professional (OCP), Certified Software Architecture (CPSA-F) and Life Long Learner🎓

Let’s connect

GFk Newsletter!

Jetzt die E-Mail Adresse eingeben und über die Termine benachrichtigt werden.

Neueste Beiträge