Advantages of white
box testing
·
Forces test developer
to reason carefully about implementation.
·
Approximates the
partitioning done by execution equivalence
·
Reveals errors in
"hidden" code:
·
Beneficent side-effects
·
Optimizations (e.g.
chartable that changes reps when size > 100)
·
As the knowledge of
internal coding structure is prerequisite, it becomes very easy to find out
which type of input/data can help in testing the application effectively.
·
The other advantage of
white box testing is that it helps in optimizing the code
·
It helps in removing the
extra lines of code, which can bring in hidden defects.
Disadvantages of
white box testing
·
Expensive
·
Miss cases omitted in the
code
·
As knowledge of code and
internal structure is a prerequisite, a skilled tester is needed to carry out
this type of testing, which increases the cost.
·
And it is nearly impossible
to look into every bit of code to find out hidden errors, which may create problems,
resulting in failure of the application
·
Not looking at the code in
a runtime environment. That's important for a number of reasons. Exploitation
of vulnerability is dependent upon all aspects of the platform being targeted
and source code is just of those components. The underlying operating system,
the backend database being used, third party security tools, dependent
libraries, etc. must all be taken into account when determining exploitability.
A source code review is not able to take these factors into account
·
Very few white-box tests
can be done without modifying the program, changing values to force different
execution paths, or to generate a full range of inputs to test a particular
function
No comments:
Post a Comment