Richelle Zeny M.

Sinangote

AIT

BSA 4

MWF; 2:00 3:00 PM

GRAY BOX TESTING

Auditing computer applications uses several techniques and processes. Testing
such applications and having control techniques provide information about the accuracy
and completeness of an applications processes. Auditing computer application controls
then follows two general known approaches: the Black Box Approach and the White
Box Approach.
As experts continued to develop a technique that would cater the deficiencies of
the other techniques, the Gray Box Testing was created and will soon be fully known
and applied by all.
The Gray Box Testing, A Newly-Introduced Approach
Gray Box Testing, which is a combination of Black Box and White Box
Approaches, is a strategy for software debugging. Gray Box Testing is named so
because the software program, in the eyes of the tester is like a gray or semitransparent box wherein one can partially see. The aim of this approach or testing is to
search for the defects, if any, due to improper structure or usage of applications.
Gray box testing can be contrasted with black box approach, a scenario in which
the tester has no knowledge or access to the internal workings of a program, or white
box approach, a scenario in which the internal particulars are fully known. Gray box
testing is commonly used in penetration tests.
Gray box testing is considered to be non-intrusive and unbiased because it does
not require that the tester have access to the source code. With respect to internal
processes, gray box testing treats a program as a black box that must be analyzed from
the outside. During a gray box test, the person may know how the system components
interact but not have detailed knowledge about internal program functions and

operation. A clear distinction exists between the developer and the tester, thereby
minimizing the risk of personnel conflicts.
Gray Box Testing is beneficial because it takes the straightforward technique of
black-box testing and combines it with the code-targeted systems in white-box testing. It
is based on requirement test case generation because it presents all the conditions
before the program is tested by using the assertion method. A requirement specification
language is used to make it easy to understand the requirements and verify its
correctness.
Gray Box Testing is well suited for web applications. Web applications have
distributed network or systems; due to absence of source code or binaries it is not
possible to use white-box testing. Black-box testing is also not used due to just contract
between customer and developer, so it is more efficient to use gray-box testing as
significant information is available in Web Services Description Language (WSDL). It is
also suited for functional or business domain testing due to its characteristics.
Functional testing is done basically a test of user interactions with may be external
systems. It also helps to confirm that software meets the requirements defined for the
software.
This approach uses the following techniques: matrix testing which states the
status report of the project, regression testing which implies rerunning of the test cases
if new changes are made, pattern testing which verifies the good application for its
design or architecture and patterns, and orthogonal array testing which is used as
subset of all possible combination.
Gray Box Testing is indeed a middle ware of Black Box and White Box
Approaches. When using this approach, the internal structure could be partially known;
hence, it provides a balance that supports each first introduced approaches
inadequacies.