- Listen to our monthly AppSec Stats Flash podcast
- LEARN MORE
White box testing (also known as structural testing, transparent box testing, clear box testing, and glass box testing) tests an application’s internal coding and infrastructure. White box testing focuses primarily on strengthening security, the flow of inputs and outputs through the application, and improving design and usability by testing software design from within. This is unlike black box testing, which involves testing from the external or end-user perspective.
The “clear box” or “white box” name connotes the ability to see through an application's outer shell (or "box") into its inner workings. Likewise, the "black box" in "black box testing" symbolizes not being able to see the inner workings of the software so that only the end-user experience can be tested.
White box testing examines the software’s code for outputs. Because it examines code, it takes place as part of static application security testing (SAST), helping to test and inform secure coding practices.