Software Testing
White-box Testing versus Black-box Testing
• Black-box testing is conducted without the tester having any information about the app being tested. This process is sometimes called “zero-knowledge testing”. The main purpose of this test is to let the tester behave like a real attacker, in the sense of exploring possible uses for publicly available and discoverable information.
• White-box testing (sometimes called “full knowledge testing”) is the total opposite of black-box testing in the sense that the tester has full knowledge of the app. The knowledge may encompass source code, documentation, and diagrams. This approach allows much faster testing than black-box testing due to its transparency, and with the additional knowledge gained, a tester can build much more sophisticated and granular test cases.
• Gray-box testing is all testing that falls in between the two aforementioned testing types: some information is provided to the tester (usually credentials only), and other information is intended to be discovered. This type of testing is an interesting compromise in the number of test cases, the cost, the speed, and the scope of testing. Gray-b