White Box Testing

There are many things that a tester has to do while testing the code and performing white-box testing. For instance, a tester will need to read, understand and analyze the code; find code optimization bugs and coding standards related to bugs; find hardcoded fixes; find security vulnerabilities in the code and suggest countermeasures for them.

Below are some tips to test the code of a web application. The list isn’t comprehensive but helps a tester to start off with testing a code. These tips simply act as pointers for testers to explore and brainstorm the different test ideas.

Quick Tips (brainstormed test ideas by the author):

  • Code compliance standards checker W3C Compliant
  • Commenting Look for comments which are not supposed to be shown to end-user
  • URL redirects Finding vulnerabilities with the design of re-directs
  • GZIP encoding Look if GZIP encoding is enabled for the code to better performance
  • Analyze the logic by reading the code
  • Do some changes in the code and look at the result
  • Code optimization Suggest if any optimization can be done in the code which is better than the existing one
  • Testability Code readability / Indentations
  • Good text editors like Notepad++ or EditPlus to help you analyze the code
  • Analyze changes made to code before and after changes were made by a developer (Beyond Compare Tool can be used for this)
  • Look for coding standards and identify if they are being followed [If something is better than the standard then it doesn’t mean you should force it to revert back to standard].
  • Look for SQL Injection vulnerable queries [Learn about MySQL, Oracle etc. database which is used in the product]
  • Look for the versions of programming languages used [Example: ASP, PHP etc.]
  • Authentication What kind of encryption is being used
  • Storing username and password Storing as plain password or with some hashes in the database?
  • What algorithm is being used to generate hash tokens? Rand () or what exactly?
  • CSS style sheets Are they written in the single file like index.html or they are being referenced, referencing them might help in improving performance
  • HTML 5 Learn which browsers support the newly introduced tags
  • Deploy the code using different web servers which could be a case study even if the product is not supporting other web servers
  • Download the add-ons which could help you to traverse through the code from GUI [Example: Pendule, Firebug, CSS scan and more] Refer to
    http://moolya.com/blog/2011/03/04/addon-mindmap-for-testers-from-moolya/
    blog post by Moolya Software
    Testing Private Limited for the fantastic list of add-ons that will help testers.
  • Explore code coverage tools on specific programming languages
    used in the product

About the Author

Santhosh Tuppad Santhosh Tuppad is the Co-founder & Senior Tester of Moolya Software Testing Private Limited (www.moolya.com). He also recently won the uTest Top Tester of the Year 2010 apart from winning several testing competitions from uTest and Zappers. Santhosh specializes in the exploratory testing approach and his core interests are security, usability and accessibility amidst other quality criteria.

Santhosh loves writing and he has a blog at: tuppad.com/blog/. He has also authored several articles and crash courses. He attends conferences and confers with testers he meets. Santhosh is known for testing skills and if you are passionate in testing, feel free to contact him at: Twitter: @santhoshst | Skype: santhosh.s.tuppad