In white-box testing, the source code of the application
is analyzed in an attempt to track down defective
or vulnerable lines of code. This operation is often
integrated into the development process by creating
add-on tools for common development environments.
• In black-box testing, the source code is not examined
directly. Instead, special input test cases are generated
and sent to the application. Then, the results returned
by the application are analyzed for unexpected behavior
that indicate errors or vulnerabilities.