Software
testing is the process used to measure the quality
of developed computer software. Usually, quality is
constrained to such topics as correctness, completeness,
security, but can also include more technical requirements as
described under the ISO standard ISO 9126, such as
capability, reliability, efficiency, portability,
maintainability, compatibility, and usability. Testing is a
process of technical investigation, performed on behalf of
stakeholders, that is intended to reveal quality-related
information about the product with respect to the context in
which it is intended to operate.
This includes, but is not
limited to, the process of executing a program or application
with the intent of finding errors. Quality is not an
absolute; it is value to some person. With that in mind,
testing can never completely establish the correctness of
arbitrary computer software; testing furnishes a criticism or
comparison that compares the state and behaviour of the
product against a specification.
An important point is that
software testing should be distinguished from the separate
discipline of Software Quality Assurance (SQA), which
encompasses all business process areas, not just testing.
There are many approaches to
software testing, but effective testing of complex products
is essentially a process of investigation, not merely a
matter of creating and following routine procedure. One
definition of testing is "the process of questioning a
product in order to evaluate it", where the "questions" are
operations the tester attempts to execute with the product,
and the product answers with its behavior in reaction to the
probing of the tester. Although most of the intellectual
processes of testing are nearly identical to that of review
or inspection, the word testing is also used to connote the
dynamic analysis of the productputting the product through
its paces. Sometimes one therefore refers to reviews,
walkthroughs or inspections as "static testing", whereas
actually running the program with a given set of test cases
in a given development stage is often referred to as "dynamic
testing", to emphasize the fact that formal review processes
form part of the overall testing scope.
White box and black box
testing are terms used to describe the point of view a test
engineer takes when designing test cases. Black box testing
treats the software as a black-box without any understanding
as to how the internals behave. Thus, the tester inputs data
and only sees the output from the test object. This level of
testing usually requires thorough test cases to be provided
to the tester who then can simply verify that for a given
input, the output value (or behavior), is the same as the
expected value specified in the test case.
White box
testing, however, is when the tester has access to
the internal data structures, code, and algorithms. For this
reason, unit testing and debugging can be classified as
white-box testing and it usually requires writing code, or at
a minimum, stepping through it, and thus requires more skill
than the black-box tester. If the software in test is an
interface or API of any sort, white-box testing is almost
always required.
In recent years the term
grey box testing has come into common usage.
This involves having access to internal data structures and
algorithms for purposes of designing the test cases, but
testing at the user, or black-box level. Manipulating input
data and formatting output do not qualify as grey-box because
the input and output are clearly outside of the black-box we
are calling the software under test. This is particularly
important when conducting integration testing between two
modules of code written by two different developers, where
only the interfaces are exposed for test.
Grey box
testing could be used in the context of testing a
client-server environment when the tester has control over
the input, inspects the value in a SQL database, and the
output value, and then compares all three (the input, sql
value, and output), to determine if the data got corrupt on
the database insertion or retrieval.