The Katalon Blog

Black Box Testing: Definition, Guide, Tools, Best Practices

Written by Katalon Team | Jun 12, 2024 10:30:00 AM

 

Black box testing is a testing method where testers evaluate the quality of a system without knowledge of its internal structures. The system is a “black box”: they know what it does, but not how it achieves those results.
 

In this article, we’ll learn more about black box testing in-depth, the common techniques used, and black box testing best practices.

The Nature of Black Box Testing

Black box testing is a great testing technique because it steps into the user’s perspective. Users don’t have insights into how the system works, and they don’t need to know that. All they need to know is if the system can accomplish what it is supposed to do and provide some form of value to them.
 

You can always do a black box testing yourselves. Let’s consider this scenario: you are a tester at Etsy, one of the leading E-commerce platforms in the world. You want to ensure that the website’s key functionalities are working as intended.
 


 

You navigate to Etsy, then search for a product, such as “Customized Bracelet”. You click on the product of your choice, select a variant, add your personalized message to add to the bracelet, click Add To Cart, and choose location.
 

Read More: Top Test Cases You Need For Ecommerce Websites
 

You have just done (some) black box tests! These tests were done without the knowledge of Etsy’s internal workings. You don’t know about Etsy's underlying techstack, data handling logic, or any conditional workflows. What you see is what you test.

 

Characteristics of Black Box Testing

  1. No internal knowledge required: when testers don’t need to understand the algorithm, they can focus more on answering the question of whether the software meets user expectations or not. This can be useful for non-developers or testers without access to the source code. They have to explore and learn about the system so they can come up with test case ideas.
  2. Focus on external behaviors: it makes sense that black box testing primarily focuses on external behavior. Testers become users, giving testing a high level of realism.
  3. Versatility: black box testing can be applied at all levels of system development: unit, integration, system, and acceptance testing. The box gets progressively bigger, but at the end of the day the approach remains the same. 

Challenges of Black Box Testing

Black-box testing is indeed great for independent testers who have little access to the source code. However, there are 2 major challenges to this approach, which is the limited test coverage and lack of code feedback.
 

Why limited test coverage? It’s difficult to achieve exhaustive testing with black box testing. You can never be sure how much of the System Under Test has been covered, since all you know is its externalized behavior, not its internal mechanism. There can be some execution paths you are not aware of.
 

Have a look at this code snippet:
 

if (employee==”employeeX” && employeeID==”9999” && action==”playPingPongeveryday”

then sendBonus $1,000,000

Ridiculous, yes, but it is a good example to show how having little knowledge of the internal system can very easily lead to lower test coverage. You only see what the system is programmed to show you. The rest is hidden in the black box.
 

A solution to this problem is that you can attempt to create every possible test scenario. However, it is just unrealistic. Modern software systems have a vast number of input combinations. Say you want to test a function with 10 consecutive boolean (True/False) parameters. That alone would require 210 tests to accomplish.
 

Unless you adopt automation testing, such a project would cost tremendous amounts of time and resources. That’s not to mention the ever-changing requirements that you have to keep up with.
 

This leads to limited code feedback. When you test without looking at the code, the results show only if the code works, and not if it is already optimized, or there are any hidden issues underneath.

 

Black Box Testing Techniques

1. Equivalence Class Testing

Equivalence Class Testing (also known as Equivalence Partitioning) is a black-box testing technique that aims to reduce the number of test cases while ensuring comprehensive coverage.
 

In this approach, testers divide input data into equivalence classes (or partitions). Each class represents a set of inputs that should be treated the same way by the system. 

From each equivalence class, one or more representative values are chosen for testing. These values are expected to produce the same outcome as any other value in the class, reducing the need to test every possible input.
 

Usually there are 2 major classes that testers can divide their values into:

  • Valid Equivalence Class: the system should accept and process correctly these inputs
  • Invalid Equivalence Class: the system should reject or handle these inputs in a certain way
     

Let’s look at an example of equivalence class testing. You are testing a function that validates the age of users for an online registration form. The valid age range is 18 to 60.
 

We can create the following equivalence classes:

  • Valid Equivalence Class: [18-60]
  • Invalid Equivalence Classes:
    • Ages less than 18: [-∞ to 17]
    • Ages greater than 60: [61 to ∞]
    • Non-numeric inputs: ["abc", "#$%", etc.]

Now we select a representative value from each group:

  • From the valid class: 25 (a middle value within the valid range)
  • From the invalid classes:
    • Less than 18: 17
    • Greater than 60: 61
    • Non-numeric: “abc”

From these representatives, we can start to design test cases:

  • Test Case 1: Age = 25 (Expected: Valid)
  • Test Case 2: Age = 17 (Expected: Invalid)
  • Test Case 3: Age = 61 (Expected: Invalid)
  • Test Case 4: Age = "abc" (Expected: Invalid)
     

Equivalence Class Testing Best Practices:

Now the question becomes what makes a good equivalence class? There are 3 criteria for you to decide if a group of tests make a good class:

  1. They all test the same thing.
  2. If one test catches a bug, it is likely that other tests in the same group also do.
  3. If one test does not catch a bug, it is likely that other tests in the same group also do not.

What does that mean? It means that each equivalence class only needs one test case to discover all of the necessary bugs. You can create more test cases if needed, but they usually don’t find more bugs. At its core, equivalence class testing is meant to reduce the number of test cases to a more manageable level while still achieving an acceptable level of test coverage.
 

However, note that there is always a risk of overlooking edge cases. Let’s say that the developers implement a piece of code like this:
 

if (age==”30”)
then REJECT

It is such an unexpected “feature” that you would never have known (unless the developer directly tells you, or you get access to the source code).
 

Where to use equivalence class testing? It is best suited for systems where there are ranges for input data. Each and all input in each range is of equivalent value, so that you only need to choose one value to test for the entire range. Make sure that you validate this assumption of “equivalent value” with the programmer.
 

Here is some good examples for instances where this approach will work well:

  • Numeric input ranges (e.g., age, weight)
  • Date ranges (e.g., date of birth, expiration dates)
  • String length validation (e.g., usernames, passwords)
  • Enumerated types (e.g., gender, country codes)
  • Monetary values (e.g., transaction amounts, loan amounts)
  • File uploads (e.g., file size, file type)
  • Inventory counts (e.g., stock quantities, order quantities)
  • Interest rates (e.g., loan rates, savings rates)
  • User permissions (e.g., access levels, subscription tiers)
  • Survey responses (e.g., rating scales, multiple-choice answers)

2. Boundary Value Analysis

Boundary value analysis is the “extreme” form of equivalence partitioning testing. It focuses more on boundaries between equivalence classes. The idea is that errors are most likely to occur at the edges of input ranges rather than in the middle, so testing the boundaries of these ranges is particularly important.  
 

Let’s look at the previous example.
 

You are testing a function that validates the age of users for an online registration form. The valid age range is 18 to 60. We have the following equivalence classes:

  • Valid Equivalence Class: [18-60]
  • Invalid Equivalence Classes:
    • Ages less than 18: [-∞ to 17]
    • Ages greater than 60: [61 to ∞]
    • Non-numeric inputs: ["abc", "#$%", etc.]

Once we have the equivalence class, it is time to determine the boundaries. Let’s start with the numeric values first

  • Just outside lower boundary: 17
  • At the lower boundary: 18
  • Just above the lower boundary: 19
  • Just below the upper boundary: 59
  • At the upper boundary: 60
  • Just outside upper boundary: 61

We have 6 test cases in total now. But what about the more extreme cases such as age -3 or age 9,999,999 or age DwayneJohnson? Working with the programmer is a recommended practice when it comes to black box testing. Ask them about what they implemented in the code so you can choose your boundaries more accurately.
 

Boundary Value Analysis Best Practices:

There are 3 steps to do boundary value analysis:

  1. Identify Equivalence Classes: Determine the valid and invalid classes for the input domain.
  2. Determine Boundaries: For each equivalence class, identify the boundaries.
  3. Select Test Cases: Choose values at, just below, and just above each boundary.

When we talk about choosing values “below” and “above” each boundary, we should also think about how much above and below we should aim for. For example, you may have divided the full range of integers into 3 smaller ranges, and choosing the value above the boundary of the 2nd range may mean stepping into the zone of the 3rd range, which leads to ineffective testing.
 

In a way, boundary value analysis is just equivalence class testing taken to a more granular level.

3. Decision Table Testing

Decision Table Testing is a black box testing technique that involves creating a decision table to map different combinations of inputs to their corresponding outputs.
 

There are 3 key concepts in a basic decision table:

  1. Condition: input variables that influence the system’s behavior
  2. Action: outcomes based on combinations of conditions
  3. Rule: a specific combination of conditions and their corresponding actions

     
 

Rule-1

Rule-2

[...]

Rule-p

Conditions

    

Condition-1

    

Condition-2

    

    

Condition-m

    

Actions

    

Action-1

    

Action-2

    

    

Action-n

    


 

Here’s a decision table for a simple loan approval system. The system approves or denies loans based on two conditions: 

  1. The applicant's credit score
  2. The applicant's income

Based on the credit score and income, we can decide on whether to approve for loan and the level of interest rate to provide:
 

Rule

Rule-1

Rule-2

Rule-3

Rule-4

Rule-5

Rule-6

Conditions

Credit Score

High

High

Medium

Medium

Low

Low

Income

High

Low

High

Low

High

Low

Actions

Loan Approval

Yes

Yes

Yes

No

No

No

Interest Rate

Low

Medium

Medium

N/A

N/A

N/A

 

There are in total 2 conditions and 2 actions, which creates 6 rules.

For example, if the application has High Credit Score and High Income, their loan is approved with Low Interest Rate
 

However, if they have Low Credit Score with High Income, their loan is not approved, and therefore Interest Rate is not available (N/A).
 

Taken into the testing context, each rule column is one test case, so here you have 6 test cases to execute. 
 

A decision table is great for black box testing because it consolidates all requirements (from the business analyst or any other stakeholders) under one digestible format. You can apply equivalence testing into this also. For example, if a condition is a range of values (18-60), you can consider testing at the low end and high end of the range.
 

Decision table testing is great when the system must implement complex business rules, and when these rules can be represented as a combination of conditions.

4. Pairwise Testing

Pairwise testing is a black box testing technique that focuses on testing combinations of two inputs at a time. Instead of testing every possible combination, this approach helps keep the number of tests more manageable while still achieving good coverage.
 

Let’s look at a quick case study to demonstrate why pairwise testing is effective.

Scenario: A software company is developing a new e-commerce platform. The platform needs to be tested on various browsers, operating systems, payment methods, and user types.

Parameters and Values:

  • Browser: Chrome, Firefox, Safari, Edge
  • Operating System: Windows, macOS, Linux
  • Payment Method: Credit Card, PayPal, Bank Transfer
  • User Type: New User, Returning User, Guest

Testing all possible combinations would require:

4 (Browsers) x 3 (Operating Systems) x 3 (Payment Methods) x 3 (User Types) = 108 test cases

Using a pairwise testing tool (like PICT or ACTS), we generate a reduced set of test cases that ensure every pair of parameter values is tested at least once. This typically results in a significantly smaller number of test cases, often around 10-20 for such a scenario, depending on the specific parameters and values involved. 

5. State Transition Testing

State transition testing is a black box testing technique used to verify the behavior of a system based on the different states it can assume. This approach is particularly useful for systems that have different behaviors based on their current state.
 

State transition testing is better explained by a diagram. Above is a basic state transition diagram for a door that can only be opened or closed. 
 

There are 3 key concepts:
 

  1. state is a condition during the life of the system which satisfies certain conditions. In the diagram below, there are 2 states: Door Opened and Door Closed. A state is generally represented by a circle. States can “remember” the inputs that the system received in the past. These inputs can affect how the system responds to future events.
     
  2. transition is the process of changing from one state to another in response to the event. A transition is usually represented by an arrow.
     
  3. An event is the stimulus that triggers a transition from one state to another. We have 2 events: open and close. An event is usually represented by a label on the transition arrow. The event can enter the system through an interface or generated within the system itself. Events in a more complex system can include parameters.
     

In practice, these diagrams are usually much more complex. The goal of state transition testing is to cover all possible transitions between states, including valid and invalid transitions. 
 

The process of state transition involves the following steps:
 

  1. Identify States: Determine all possible modes or conditions the system can be in during its operation.
     
  2. Define Transitions: Specify how the system moves from one state to another in response to events or conditions.
     
  3. Create Transition Table or Diagram: Develop a visual representation (table or diagram) that shows states, events, and transitions. This serves as a plan for designing test cases.
     
  4. Generate Test Cases: Based on the transition representation:
    • Test valid state transitions (expected under normal conditions).
    • Test invalid state transitions (should not occur and could indicate flaws).
    • Test boundary conditions (testing at the edges or limits of state ranges).
       
  5. Execute Test Cases: Run the test cases and observe how the system changes states in response to different inputs, events, or conditions.
     
  6. Verify Behavior: Ensure the system performs correctly during each transition.
     

Let’s look at a state transition diagram for a basic E-commerce order process:

 


 

There are 8 states in total:

  1. New: Initial state when an order is placed.
  2. Pending Payment: Waiting for payment confirmation.
  3. Order Processing: Payment confirmed, order being processed.
  4. Shipped: Order has been shipped.
  5. Delivered: Order successfully delivered to the customer.
  6. Canceled NonPaid: Order canceled by customer during New or Pending Payment
  7. Canceled Paid: Order canceled during Order Processing or Shipped
  8. Returned: Order returned after Delivered

Here is the state transition table for it:
 

Current State

Event

Next State

New

Place Order

Pending Payment

New

Cancel Order

Cancelled NonPaid

Pending Payment

Confirm Payment

Order Processing

Pending Payment

Cancel Order

Cancelled NonPaid

Order Processing

Ship Order

Shipped

Order Processing

Cancel Order

Cancelled Paid

Shipped

Confirm Delivery

Delivered

Delivered

Return Order

Returned

Cancelled NonPaid

N/A

N/A

Cancelled Paid

N/A

N/A

Returned

N/A

N/A


 

Each row in this table is one test case, representing one path to execute. Simply draw paths through all states so that all paths are executed at least once. This ensures total coverage of the scenario. We have in total 6 test cases from that state transition diagram.

 

 


 

Not just a great test design tool, state transition diagrams also provide a clear visualization of the system's behavior, making it easier to understand and communicate. However, when it comes to more complex systems, such diagrams can be overwhelming to look at. Make sure to define each state and transition accurately.

6. Use Case Testing

Use case testing is a black box testing technique focusing on simulating real-world scenarios that the system can encounter. 
 

But what is a use case? A use case is a detailed description of how users (actors) interact with a system to achieve a specific goal. The use case outlines the sequence of steps and actions taken by the user and the system responses to those actions.
 

Note that an “actor” is not necessarily a user. It can be human users, external systems, hardware, or software components.
 

Each use case consists of one or more scenarios, including the main success scenario (happy path) and alternative scenarios (edge cases, error conditions, exceptions).
 

Testers generally have a use case template and fill in the details. Here is an example of a use case table:

Use Case Table: Online Shopping - Placing an Order

Use Case Component

Description

Use Case Number or Identifier

UC-001

Use Case Name

Place Order

Goal in Context

The customer successfully places an order for products in their shopping cart and receives an order confirmation.

Scope

System

Level

Primary task

Primary Actor

Customer

Preconditions

The customer is logged into the online store.

The customer has at least one item in the shopping cart.

Success End Conditions

The order is successfully placed.

The customer receives an order confirmation with details.

Failed End Conditions

The order is not placed.

The customer is informed of the failure reason (e.g., payment failure, out-of-stock item).

Trigger

The customer clicks the "Place Order" button on the checkout page.

Main Success Scenario

1. The customer reviews the items in the shopping cart.

2. The customer clicks the "Proceed to Checkout" button.

3. The customer enters or confirms the shipping address.

4. The customer selects a shipping method.

5. The customer enters payment details and confirms payment.

6. The system processes the payment through the payment gateway.

7. The system confirms the order and displays an order confirmation with order details.

8. The system sends an order confirmation email to the customer.

Priority

High

Response Time

The system must complete the order process within 30 seconds after the payment is confirmed.

Frequency

Expected to be executed multiple times daily.

Channels to Primary Actor

Web browser

Secondary Actors

Payment Gateway: To process payment.

Shipping System: To calculate shipping costs and manage shipping details.

Channels to Secondary Actors

Payment Gateway: API

Shipping System: API

Date Due

Release 1.0 by Q3 2024

Completeness Level

0.5

Open Issues

N/A

 

It is important to prepare the necessary test data for use case testing.

Black Box Testing vs White Box Testing vs Grey Box Testing

There are 3 types of boxes representing 3 levels of “opacity” i.e. the level of knowledge testers have of the system’s internal workings. Here’s a brief comparison of the three:

 

Read More: What is Black Box Testing? A Complete Guide
 

Here is a table comparing Black Box Testing, White Box Testing, and Grey Box Testing:

Feature

Black Box Testing

White Box Testing

Grey Box Testing

Definition

Testing without knowing the internal code structure. Focuses on input-output and functionality.

Testing with full knowledge of the internal code structure. Focuses on code logic and coverage.

Testing with partial knowledge of the internal code structure. Combines elements of both black and white box testing.

Testers' Knowledge

No knowledge of the internal workings of the software.

Complete knowledge of the internal workings of the software.

Partial knowledge of the internal workings of the software.

Focus

Functionality, user interface, and user experience.

Code logic, paths, branches, and internal structures.

Both functionality and internal structures, with a focus on integration and interactions.

Advantages

- Identifies missing functionalities. 

- User-oriented.

- No need for programming knowledge.

- Detailed and thorough testing.

- High code coverage.

- Optimizes code.

- Balanced approach. 

- More effective in finding defects in integrated systems.

- Better coverage than black box testing alone.

Disadvantages

- Limited coverage of code paths. 

- Can miss logical errors in the code.

- Time-consuming. 

- Requires programming skills. 

- May not reflect user perspective.

- Requires both functional and code knowledge. 

- Can be complex to design. 

- May not be as thorough as pure white box testing.

Typical Testers

Testers, QA engineers, end-users.

Developers, QA engineers with programming skills.

Testers with some programming knowledge, developers.

Testing Techniques

Equivalence partitioning, boundary value analysis, decision table testing.

Statement coverage, branch coverage, path coverage, condition coverage.

Matrix testing, regression testing, pattern testing, orthogonal array testing.

Tools Used

Selenium, QTP, LoadRunner, TestComplete.

JUnit, NUnit, CUnit, Emma, Clover, SonarQube.

Selenium, QTP, Rational Functional Tester, integration tools.

Use Cases

Acceptance testing, system testing, functional testing.

Unit testing, integration testing, security testing, code optimization.

Integration testing, penetration testing, system testing.

 

Conclusion

In summary, black box testing offers a user-focused approach to evaluating software functionality without delving into its internal structure. While effective for validating user requirements and identifying missing functionalities, it may not achieve comprehensive code coverage or provide insights into code quality. 

Therefore, integrating it with white box and grey box testing ensures a more thorough assessment of both user expectations and internal system behavior, crucial for maintaining software quality and enhancing user satisfaction.

 

See How You Can Do Black Box Testing Better and Faster