PrepAway - Latest Free Exam Questions & Answers

Which of the following is the developer performing when testing the application?

A software development company has hired a programmer to develop a plug-in module to an
existing proprietary application. After completing the module, the developer needs to test the entire
application to ensure that the module did not introduce new vulnerabilities. Which of the following
is the developer performing when testing the application?

A. Black box testing

B. White box testing

C. Gray box testing

D. Design review

Explanation:
In this question, we know the tester has some knowledge of the application because the tester
developed a plug-in module for it. However, the tester does not have detailed information about
the entire application. Therefore, this is a gray box test.

Gray box testing, also called gray box analysis, is a strategy for software debugging in which the
tester has limited knowledge of the internal details of the program. A gray box is a device, program
or system whose workings are partially understood.

Gray box testing can be contrasted with black box testing, a scenario in which the tester has no
knowledge of or access to the internal workings of a program, and with white box testing, a scenario
in which the internal particulars are fully known. Gray box testing is commonly used in penetration
tests.

Gray box testing is considered to be non-intrusive and unbiased because it does not require that
the tester have access to the source code. With respect to internal processes, gray box testing
treats a program as a black box that must be analyzed from the outside. During a gray box test,
the tester may know how the system components interact but not have detailed knowledge about
internal program functions and operation. A clear distinction exists between the developer and the
tester, thereby minimizing the risk of personnel conflicts.

