SBP Blog

Gray-box: the bridge between black-box and white-box testing

May 14, 2012 by AlexI

Traditionally, software testing is divided into two major methods:

 * Black-box testing is used for running tests from the user’s point of view, being focused on the application’s functionalities, features and also design. An important advantage of this testing method is that it's inexpensive, it's performed exclusively from the application's user interface and no implementation knowledge is required whatsoever. However, black-box testing has quite a few disadvantages, such as: not all possible paths can be realistically tested within an adequate time-frame, or that the cause of the issues found may be hard to determine by the output of the user interface alone.

 * On the other hand, white-box testing is employed for testing mainly the internal workings of an application (the source code) rather than its functionalities. For this type of testing programming knowledge is a must and is required in order to design test cases. This is the main reason why most of the time this type of testing is performed by developers and not by testers. As a consequence, this type of testing is considered to be more expensive than black-box testing. Even more, testing the whole code of an application is nearly impossible, as there are numerous paths that could be tested in a module and in the interaction between modules. Also, white-box doesn't have the objectivity of black-box testing, as tests are performed by programmers (the ones in charge with the development).

Most projects use these two testing methods complementary, white-box is preferred for unit testing and optimizing code, while black-box testing for integration testing, system testing and acceptance testing (although it can be applied successfully to any testing level).

Apart from these two testing methods, another methodology has become more and more popular: gray-box testing. Gray-box testing attempts, and generally succeeds, to combine the benefits of both black-box and white-box testing methods, thus cancels out some of the flaws of each testing method when used individually.

Gray-box testing takes the straight-forward approach of black-box testing, but also employs some limited knowledge of the inner workings of the application. Therefore, a tester can verify both the output of the user interface and also the process that leads to that user interface output. Gray-box testing can be applied to most testing phases, however it is mostly used in integration testing.

A tester with little programming knowledge can create test cases based on the code, and then apply them to the user interface elements of the application. This way, the whole process is tested not only the output, eliminating some of the major problems of black-box testing: the difficulty of determining the cause of the issue, "blind" testing that can become time consuming and sometimes completely misses important issues.

Let me give you an example: you have an application that manages the employees of a company and you need to test the process of adding an employee. The form contains fields for various information (phone numbers, emails, address, etc.), so there are values of different types. If the black-box tester will have to create test cases for all possible combinations of types of values, for each field, the gray-box tester has access to the database and knows exactly what type of value each field has. So he can design test cases with specific vulnerabilities in mind, but he'll also cover possible user interface issues, as this is where he will apply his test cases.

The advantages of using gray-box testing are obvious, it combines the strengths of both black and white testing, it's non-intrusive, as testers don't have access to the entire code, testers can author better test cases due to the extra knowledge of the application and more. However, gray-box testing inherits some of the disadvantages of black and white box testing methods, such as: the fact that it can only achieve partial code coverage and it requires better trained testers.

Overall, gray-box testing has become a popular testing method, and some testers don't even realize that they use it, as even the most untrained tester can pick up on tips and tricks about the inner workings of applications, given enough experience. So the process of upgrading from black-box testing to gray-box testing is a natural one, its speed depending only on the determination of the tester, and on the characteristics of the development process.
More precisely: if the process is based on the effectiveness of the black-box testing, as a "non-biased" and "agnostic" method, then gray-box testing will work against that. But if the development process tries to accumulate the benefits of both black-box and gray-box (for example, some of the members of the testing team can use exclusively black-box testing, while others are also allowed to rely on white-box), then gray-box testing is also a good option.

Other articles:

Suite-based testing: a challenging job
Manual vs. automated testing

Tags: Programming  Testing 


QA InfoTech commented on 6/20/2012 5:35:54 AM

From my end, a 'No' to black box testing, because if problems occur outside of user-interface scenario, it'll be difficult for end users to fix those. As for Gray box, I think it's suitable for enterprises because this model is compatible with <a href="">outsourced software testing</a> as someone with little knowledge in programming can study cases. Thus, it'll be inexpensive.

AlexI commented on 6/20/2012 11:30:39 AM

Thank you for sharing your thoughts on this subject, but I wouldn't hurry to dismiss black box testing. Black box testing is still an important part of the testing process and I think it will continue to be so for a long time. It's biggest strength is that it's non-biased - the piece of software is judged as it would be by the users themselves.

No testing method is truly perfect, that's why a lot of companies employ multiple testing teams, each having its own testing pattern. In the end, the most suitable testing method is the one that gives the best results considering the environment, the number of employees and many other factors.

Cape Coral Website Design commented on 8/16/2012 5:32:32 AM

I was certainly confused about black box testing and gray box testing, but after reading your post, I am quite clear about it. Thanks for sharing various testing briefly.

Event Management commented on 9/4/2012 8:03:50 AM

Resourcive to gain more about gray-box testing and its functional aspects that enriched my mind about this concept.

Toiletter commented on 10/9/2012 10:26:22 AM

Knowing more about Black-box testing,white-box testing,Gray-box testing and thier functionary aspects with their relative terms and thier definitions as well as made my knowledge enriched.

Prashant commented on 7/11/2013 1:14:47 PM

Gray box testing is an approach between black box and white box. While approaching this strategy you need to know the internal source code of the application. It is well explained in this blog you can see here- <a href=""></a>

order winning personal statement commented on 10/15/2013 8:27:02 AM

I finally got the difference between black box and grey box testing. Thanks! I will read some more information and then I'll start writing a research paper on this topic.

QTP Training in Chennai commented on 12/31/2014 8:49:08 AM

QTP is flagship automation testing tool, which is used to perform functional and regression testing on a software application. Training on this automation will ensure lucrative career opportunity for aspiring professionals.

Your Comment: