White box testing process: Input Section
Some of the artifacts relevant to white box testing include source code, a risk analysis report, security specification/requirements documentation, design documentation, and quality assurance related documentation.
- Source code is the most important artifact needed to perform white box testing. Without access to the code, white box testing cannot be performed, since it is based on testing software knowing how the system is implemented.
- Architectural and design risk analysis should be the guiding force behind all white box testing related activities, including test planning, test case creation, test data selection, test technique selection, and test exit criteria selection. If a risk analysis was not completed for the system, this should be the first activity performed as part of white box testing. The following section discusses risk analysis.
- Design documentation is essential to improve program understanding and to develop effective test cases that validate design decisions and assumptions.
- Security specifications or requirements are a must, to understand and validate the security functionality of the software under test.
- Security testers should have access to quality assurance documentation to understand the quality of the software with respect to its intended functionality. Quality assurance documentation should include a test strategy, test plans, and defect reports. Load and performance tests are important in understanding the constraints placed on the system and the behavior of the system under stress.
- Any artifact relevant to program understanding should be available to white box testers.
No comments:
Post a Comment