Some of the artifacts relevant to white box testing include source code, a
risk analysis report, security specification/requirements documentation, design
documentation, and quality assurance related documentation.
Source code is the most important artifact needed to perform white
box testing. Without access to the code, white box testing cannot be
performed, since it is based on testing software knowing how the
system is implemented.
Architectural and design risk analysis should be the guiding force
behind all white box testing related activities, including test planning,
test case creation, test data selection, test technique selection, and test
exit criteria selection. If a risk analysis was not completed for the
system, this should be the first activity performed as part of white box
testing. The following section discusses risk analysis.
Design documentation is essential to improve program understanding
and to develop effective test cases that validate design decisions and
assumptions.
Security specifications or requirements are a must, to understand and
validate the security functionality of the software under test.
Security testers should have access to quality assurance
documentation to understand the quality of the software with respect to its
intended functionality. Quality assurance documentation should include a
test strategy, test plans, and defect reports. Load and performance tests
are important in understanding the constraints placed on the system and the
behavior of the system under stress.
Any artifact relevant to program understanding should be available to
white box testers.
