International Journal of Innovative Solutions in Engineering
Published January 21, 2026 | Version v1
Journal article Open

Difference and Application of White-Box, Black-Box, and Grey-Box Testing

Authors/Creators

Description

Abstract: In this paper, we explore key differences and practical applications of white-box, black-box, and grey-box testing methodologies in software development. Through theoretical comparison and real-world implementation on a test project, we demonstrate how each method serves a unique role in ensuring software quality. Testing is conducted on a web application developed with React Native and Supabase as the backend, where users can post and manage personal comments. This app serves as a case study for applying each testing approach. White-box testing was used to verify internal logic and data handling. Black-box testing evaluated user-facing features, such as comment posting. Grey-box testing combined knowledge of both to assess security and integration with the backend. This paper aims to clarify when and why each testing type should be used, particularly in small-scale projects as the one used as a test case. This serves as a practical guide for students and developers to understand and apply testing strategies more effectively in their own applications.

Originally published in: International Journal of Innovative Solutions in Engineering (IJISE), Vol. 2, No. 1, 2026. Official URL: https://ijise.ba/article/16/

Files

Vol. 2 No. 1 Article 16.pdf

Files (646.5 kB)

Name Size Download all
md5:a3f0bcc60d975ebc059d871b88e500ee
646.5 kB Preview Download

Additional details

Identifiers

URL
https://ijise.ba/article/16/

Related works

Is identical to
Journal article: https://ijise.ba/article/16/ (URL)
Is published in
Journal: 3029-3200 (ISSN)

References

  • D. Stuttard and M. Pinto, The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws. Indianapolis, in: Wiley, 2011.
  • L. Williams, "Testing Overview and Black-Box Testing Techniques," in A (Partial) Introduction to Software Engineering Practices and Methods, in Laurie Williams. , 2006. [Online]. Available: https://sdc.csc.ncsu.edu/files/resources/williams-software-engineering-2011.pdf
  • I. Sommerville, Software Engineering, Boston: Pearson Education, 2016.
  • E. Elkind, B. Genest, D. Peled, and H. Qu, "Grey-Box Checking," in Formal Techniques for Networked and Distributed Systems - FORTE 2006, E. Najm, J.-F. Pradat-Peyre, and V. V. Donzeau-Gouge, Eds., Berlin, Heidelberg: Springer, 2006, pp. 420–435. doi: https://doi.org/10.1007/11888116_30.
  • K. P. M, S. K, R. M, and K. R, "CRUD Application Using ReactJS Hooks,"EAI Endorsed Transactions on Internet of Things, vol. 10, Mar. 2024, doi: https://doi.org/10.4108/eetiot.5298.
  • M. E. Khan and F. Khan, "A Comparative Study of White Box, Black Box and Grey Box Testing Techniques,"International Journal of Advanced Computer Science and Applications (IJACSA), vol. 3, no. 6, Jul. 2012, doi: https://doi.org/10.14569/IJACSA.2012.030603.
  • R. Saxena and M. Singh, "Gray Box Testing: Proactive methodology for the future design of test cases to reduce overall system cost," Journal of Basic and Applied Engineering Research, Oct. 2014. [Online]. Available: https://krishisanskriti.org/vol_image/12Jun201506060717.pdf
  • L. Petrović, "Analysis of OAuth 2.0 Vulnerabilities Arising from Weak Implementation Choices,"International Journal of Innovative Solutions in Engineering, vol. 2, no. 1, p. 15, Nov. 2025, doi: https://doi.org/10.47960/3029-3200.2026.2.1.15.
  • A. Streza, "A Supa-Introduction to Supabase," Medium. Accessed: Jan. 13, 2026. [Online]. Available: https://medium.com/@alex.streza/a-supa-introduction-to-supabase-e551ea6708e
  • C. Dar, M. Hershcovitch, and A. Morrison, "RLS Side Channels: Investigating Leakage of Row-Level Security Protected Data Through Query Execution Time,"Proc. ACM Manag. Data, vol. 1, no. 1, pp. 1–25, May 2023, doi: https://doi.org/10.1145/3588943.
  • F. Kincheloe, Power BI Row Level Security for University Data, Denton: TAIR Annual Conference, 2022.
  • G. Weidman, Penetration testing - A Hands-on Introduction to Hacking, San Francisco: No starch press, 2014.
  • D. Musa and I. Markić, "Achieving Successful Software Penetration Testing,"International Journal of Innovative Solutions in Engineering, vol. 1, no. 1, pp. 1–9, Jan. 2025, doi: https://doi.org/10.47960/3029-3200.2025.1.1.1.
  • D. M. S. Varalakshmi, Secure Multilevel System (FLS & RLS) for a Cyber-Physical System in Association with Data Mining, International Journal of Interdisciplinary Research and Innovations, 2019.
  • "Row-Level Security 101: The Basics of Row-Level Security," Satori. Accessed: Jan. 13, 2026. [Online]. Available: https://satoricyber.com/row-level-security/row-level-security-101/
  • P. S. B. Bele, A. A. Harinkhede and V. M. Bhatti, Software Testing Using White-box, International Research Journal of Innovations in Engineering and Technology (IRJIET), 2022.
  • H. Hi, "Bridge between Black Box and White Box – Gray Box Testing Technique", Accessed: Jan. 13, 2026. [Online]. Available: https://www.academia.edu/32153458/Bridge_between_Black_Box_and_White_Box_Gray_Box_Testing_Technique