A software development company has hired a programmer to develop a plug-in module to an existing
proprietary application. After completing the module, the developer needs to test the entire application
to ensure that the module did not introduce new vulnerabilities. Which of the following is the developer
performing when testing the application?
A.
Black box testing
B.
White box testing
C.
Gray box testing
D.
Design review
Explanation:
In this question, we know the tester has some knowledge of the application because the tester developed
a plug-in module for it. However, the tester does not have detailed information about the entire
application. Therefore, this is a grey-box test.
Gray box testing, also called gray box analysis, is a strategy for software debugging in which the tester has
limited knowledge of the internal details of the program. A gray box is a device, program or system whose
workings are partially understood.Gray box testing can be contrasted with black box testing, a scenario in which the tester has no
knowledge or access to the internal workings of a program, or white box testing, a scenario in which the
internal particulars are fully known. Gray box testing is commonly used in penetration tests.
Gray box testing is considered to be non-intrusive and unbiased because it does not require that the
tester have access to the source code. With respect to internal processes, gray box testing treats a
program as a black box that must be analyzed from the outside. During a gray box test, the person may
know how the system components interact but not have detailed knowledge about internal program
functions and operation. A clear distinction exists between the developer and the tester, thereby
minimizing the risk of personnel conflicts.
Incorrect Answers:
A: Black-box testing is a method of software testing that examines the functionality of an application
without peering into its internal structures or workings. This method of test can be applied to virtually
every level of software testing: unit, integration, system and acceptance. It typically comprises most if not
all higher level testing, but can also dominate unit testing as well.
Specific knowledge of the application’s code/internal structure and programming knowledge in general is
not required. The tester is aware of what the software is supposed to do but is not aware of how it does
it. For instance, the tester is aware that a particular input returns a certain, invariable output but is not
aware of how the software produces the output in the first place.
In this question, the tester has some knowledge of the application.
B: White-box testing (also known as clear box testing, glass box testing, transparent box testing, and
structural testing) is a method of testing software that tests internal structures or workings of an
application, as opposed to its functionality (i.e. black-box testing). In white-box testing an internal
perspective of the system, as well as programming skills, are used to design test cases. The tester chooses
inputs to exercise paths through the code and determine the appropriate outputs. This is analogous to
testing nodes in a circuit, e.g. in-circuit testing (ICT).
White-box testing can be applied at the unit, integration and system levels of the software testing
process. Although traditional testers tended to think of white-box testing as being done at the unit level,
it is used for integration and system testing more frequently today. It can test paths within a unit, paths
between units during integration, and between subsystems during a system–level test.
In this question, the tester has some knowledge of the application but not the detailed knowledge
required for a white-box test.D: A design review in terms of application development is the process of reviewing the design of the
modules and units used in the application. However, in this question, the application has already been
developed. Furthermore, a design review does not describe the process of testing an application.http://searchsoftwarequality.techtarget.com/definition/gray-box
http://en.wikipedia.org/wiki/Black-box_testing
http://en.wikipedia.org/wiki/White-box_testing