White-box, Black-box, and Grey-box Testing
White-box, black-box, and grey-box testing represent three different perspectives on what information the tester uses when designing tests. Each perspective is appropriate for different testing contexts and levels in the testing pyramid.
Black-box Testing
Black-box testing treats the system under test as a black box — the tester has no knowledge of internal implementation. Tests are designed from the external interface: given this input, we expect this output. Functional testing, acceptance testing, and most E2E testing are black-box approaches. Benefits: tests reflect actual user behaviour, not implementation; tests are decoupled from implementation changes.
White-box Testing
White-box (or clear-box) testing uses knowledge of the internal implementation to design tests. The tester knows the code paths, branches, and logic. Unit tests written with knowledge of implementation, code coverage-guided testing, and security testing that examines specific code vulnerabilities are white-box approaches. Benefits: can achieve thorough code coverage; reveals implementation-specific edge cases.
Grey-box Testing
Grey-box testing combines both: the tester has partial knowledge of the implementation — enough to design better tests, but not full implementation visibility. Integration testing, API testing where the tester knows the API schema and business logic, and most security testing are grey-box. Most real testing is grey-box: testers know the data model, business rules, and API contracts without having read every line of implementation code.