When testing software, it's necessary to employ a methodology that's as free from bias as possible. Testing is easily biased by giving the tester too much information about how the software was built. The best-case scenario is that the tester is simply given a task to accomplish using the software in question, and no guidance at all on how to accomplish it. That way, the testing experience stays close to that of a real user, which is what makes the results meaningful.
To this end, Black Box testing is used. Black Box testing is the term for a methodology in which the tester knows nothing of the application's underlying code. Because the tester can't see what went into the development of the application, no assumptions can be made about how each element is meant to operate, so the tester is forced to assess each function as it actually behaves. In turn, this shows the developers at which points the application works as expected, and what needs to be corrected.
Though no software product can be entirely free of bugs, Black Box testing is at the very least a sound way to proceed. Because it's done from the user's point of view, it's a look into real-world use, as opposed to the developer's idea of the perfect user. The tester need not know anything about how the application was written, and in fact need not even be part of the originating company.
Weighing against these benefits are disadvantages: the tester cannot precisely determine why a failure occurs, and not every aspect of the application's design can be tested. Because the code is never inspected, coverage cannot be measured either, so a passing test run says nothing about the paths that were never exercised. It's impossible to test every input into a system, so specific test cases must be constructed, and these cases can be difficult to design if the functions haven't been properly specified.
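As an added example (not code from the original article), the following Python shows test cases derived purely from a written specification and run against a function the tester treats as opaque. The function parse_port, its specification (a string of decimal digits naming a TCP port in the range 1..65535) and the test inputs are all constructed here for illustration; the defects in parse_port are deliberate so that the spec-derived cases have something to find.

```python
"""Black-box test cases derived from a specification (constructed example)."""
import re

# --- System under test. A black-box tester never reads this body. ---
# Constructed for illustration, with deliberate defects that only the spec reveals.
# Spec (assumed for this example): accept a string of decimal digits naming a
# TCP port in 1..65535 and return it as an int; raise ValueError otherwise.
def parse_port(text: str) -> int:
    n = int(text)            # defect: int() also accepts "+80", " 80 " and "1_0"
    if 0 <= n <= 65535:      # defect: accepts 0, which the spec excludes
        return n
    raise ValueError("port out of range")


def parse_port_fixed(text: str) -> int:
    """Corrected version: syntax is checked against the spec before conversion."""
    if not re.fullmatch(r"[0-9]{1,5}", text):
        raise ValueError("port must be 1-5 decimal digits")
    n = int(text)
    if not 1 <= n <= 65535:
        raise ValueError("port out of range")
    return n


# --- Test cases designed from the specification alone (black box). ---
# Each entry is (input, expected), where expected is the int result or
# ValueError. Inputs are chosen by partition and boundary, not by reading code.
SPEC_CASES = [
    # boundary values on both sides of the valid range
    ("0", ValueError), ("1", 1), ("65535", 65535), ("65536", ValueError),
    # one representative from each invalid partition
    ("", ValueError), ("abc", ValueError), ("-1", ValueError),
    ("+80", ValueError), (" 80 ", ValueError), ("1_0", ValueError),
    # a representative valid interior value
    ("443", 443),
]


def run_black_box(sut, cases):
    """Run every case against an opaque callable and return the failures.

    Returns a list of (input, expected, observed). Observed is the returned
    value, ValueError, or the type of any other exception that escaped.
    """
    failures = []
    for raw, expected in cases:
        try:
            observed = sut(raw)
        except ValueError:
            observed = ValueError
        except Exception as exc:  # a crash of any other kind is also a failure
            observed = type(exc)
        if observed != expected:
            failures.append((raw, expected, observed))
    return failures


if __name__ == "__main__":
    for name, sut in (("parse_port", parse_port), ("parse_port_fixed", parse_port_fixed)):
        failures = run_black_box(sut, SPEC_CASES)
        print(f"{name}: {len(failures)} failing case(s)")
        for raw, expected, observed in failures:
            print(f"  input {raw!r}: expected {expected!r}, got {observed!r}")
```

Against parse_port the harness reports four failures ("0", "+80", " 80 " and "1_0" are all accepted), which is exactly as far as black-box testing can go: the tester learns which inputs violate the specification but not that one cause is int()'s lenient parsing and the other an off-by-one in the range check. Localizing those is the developer's job, and the rewritten parse_port_fixed passes every case. Note also that "0" and "65536" are only in the list because the spec states the range explicitly; a function without a written range would leave the tester guessing at the boundaries, which is the difficulty the paragraph above describes.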
Manoj Rai has around 14 years of IT experience in Enterprise Applications, Mobile and Infrastructure security. He has rich and diverse global experience in leading large engagements and building deep technology expertise in the security testing domain.
Manoj holds a Bachelor of Engineering in Computer Science and an MBA in Systems, and has completed the Executive Delivery Program at IIM-Bangalore. He is a regular speaker on technical subjects such as Ethical Hacking, Mobile Security, Secure SDLC and Cloud Security at CISO platforms, OWASP, BLUG, NULL and others. He blogs regularly and has published white papers on threat management and best practices in various professional groups.