Ways to move from BlackBox Testing to WhiteBox Testing

Hi All

I believe if QA can spend a specific threshold of 10-15 mins triaging defect by analyzing code rather than just caputing the screenshot of what is not working, can make a significant impact on the project . What you guys think ?

In my opinion moving from manual testing to learning codebase has coupe of benefits -

  1. QA will upskill knowledge on project end to end and also learn code base.
  2. QA can pinpoint which code line is causing the issue hence developers now know upfront where they need to fix it rather than doing initial triage themselves which is now already done by QA.

With this approach , developers only would be responsible for making code changes, QA will only highlight which code line could be reason behind the issue.

Please share your thoughts .

3 Likes

I would call that an additional skill rather than

if the context demands, the QA might be testing the APIs and point out a bug in the code where they’re handled. Now we would call that “manual testing” wouldn’t we?

2 Likes

It sort of depends on the tech stack and what access you are able to get.

Testing web apps without using dev tools or some sort of traffic interceptor for example, I’d be really surprised to find a professional tester that did not use those tools. There is no transition here, that’s really the base point for web testing in my view. Give a developer the call and the response with a picture is significant value in my view.

Similarly with mobile you are going to want to see the traffic in order to offer value in your testing, some apps are easier than others to do this, flutter for example can be problematic but there are work arounds.

I’d put the above as the basics and almost always running as I test.

API testing was probably the first step beyond those basics, fairly light usage in my case.

Doing local builds is likely the next step as it offers more access to debug tools and as you mention viewing the code. I usually go through this step on new project so its available but many projects I don’t need it, I’ll use it on a needs be basis.

Database query access, for me its rare to need this but nice to have.

Reading code - useful to have but again its so rare I find I need to do this unless its a very specific problem. Developers will be quicker, faster and have better insight so there’s a bit of cost benefit regarding who does the triage here. Pinpointing code can be useful if its a two min job and you are accurate but otherwise I’d leave it to developers.

Making code changes, a lot of testers fall into the category of knowing enough to be dangerous, a common starting point for many testers though is learning the source control tools and adding basic identifiers or keys for use in automation.

Expand your toolbox, there is value in above but unsure how significant it is if when you have developers who do some of those much better.

2 Likes

The amount of QAers that

  1. have access to the code
  2. can find the proper code
  3. can read the code

is very small I believe :smiley: but that doesn’t mean I disagree!

Yup! But still it depends on how much code you are willing to learn. It’s not an easy path. But I totally agree!

With this I disagree, a developer would still need to review this process. It’s not as simple as this I’m afraid + some developers will feel bad like " is this QA guy now telling how I need to do my job???"

I’ve seen that before, so it depends on context, people and the environment that you are in.

But I agree that getting some technical knowledge cannot hurt :slight_smile:

1 Like

All testers are manual imo - they either have additional skills to read and inspect code/pair/TDD etc. or they automate a percentage of their tests as well. I would also say its defect specific, being able to point to the code does not mean the dev will know how to fix it, the code can be right - but the design could be the issue, there could be a un communicated a/b test or the understanding/function of how the browsers native function works has changed due to an update - all sorts of reasons. Like Andrew says - “expand your toolbox” is a great way to progress as a tester. Also it reads like you mean Grey box testing, where they could then progress into white box testing?

2 Likes

I would encourage you to think about what problem(s) you’re trying to solve with this idea. It’s true that there are benefits to white box testing, but it doesn’t seem like that’s what you’re describing here.

With white box testing, a tester knows more details about the technical implementation of an SUT. They can “see under the hood” and get ideas for what could go wrong and where risks may lie. A downside to this is that testers may focus too much on the technical side and miss the point of what value and UX we’re ultimately trying to deliver to the customer / end users. We may begin only to think of whether something technically does a thing, not whether that thing actually helps users or is easy to use.

What you described seems to be more about learning the code so you can cut down the work for the developers. I really don’t think that’s a good idea for two main reasons:

  1. It creates an expectation that testers should identify the exact code that’s causing an issue, which I believe is out of scope, and there’s enough people out there that already think testers are the only ones that need to test / care about quality; we don’t need to give them more things they think they no longer need to do
  2. As @kristof pointed out, a developer would still need to look into the issue, and unless it’s something basic like a typo, it’s usually a lot more complicated and takes more than 10-15 minutes to investigate

I think what you’re proposing wouldn’t necessarily have a positive impact on the project, but shift the work from one person to another and possibly duplicate work, such as the investigation.

All that being said, I wouldn’t discourage you from learning more about the SUT or digging into the code if that’s what you want to do. It could certainly add something to your testing and perhaps open up some possibilities for you, like getting into development, for example, but it’s just important to be aware of potential pitfalls as well.

5 Likes

The assumption here is that the team is broken down into dev and test silos. We need to move away from such things. If a tester knows enough about code to track down what the problem is, what is wrong with them fixing it, too?

3 Likes

Fixing requires raising PR which needs to be reviewed as per best coding practices which developers are responsible for, so QA should only help with triaging and analyzing code.

1 Like

Hi @kristof , thanks for sharing your thoughts !! Regarding your say - QA now telling is not telling but QA is sharing ‘maybe’ root cause reason. Consider it just like ML model predicting output not telling actual answer. Developers still are the main lead to get the work done .

1 Like

There is actually a good answer to this, in order to test “predictions” you can use Metamorphic testing approaches. A bit unrelated but worth mentioning :smiley:

Making it actually testable, since you have Acceptance criteria of the accuracy of the model build. But this still keeps it “blackbox”

yes i agree @andrewkelly2555 , only point here is QA skills enhancement on project framework , whenever any issue is popping up its passed through QA to developer and in between if QA can invest 10-15 mins looking into codebase finding root cause its fine. My thought here is learning and thet doesnot mean for all defects QA can do triage.

PRs are a nonsense that just causes delays. They exist only to feed silos, as does the assertion that developers are responsible for code. The team should be responsible for what they deliver. Strengthening subgroups within teams is a dysfunctional practice that is sadly normalised.

Developers should not be responsible for code.
Testers should not be responsible for tests.
The team should be responsible for both. For the entire system, not their own subsystem.

This is software development at its worst.

I can see several contexts where checking the code can be useful. Not sure which one you’re referring to. Some of them:

  • Pinpointing the bug to a part of the code
  • Expanding the problem/bug to other parts of the application where the behavior is similar (due to reuse or use of that part of the code); or finding that the bug causes a worse bug somewhere else
  • Helping with the bug-fixing
  • Being more specific or using a developer-shared terminology when describing the bug(report) due to the extra knowledge of the system;
  • Checking a bug-fix and areas of impact (useful for regression checks)

I’ve done most of these for the pleasure of learning more, getting integrated, building better relationships with people around me, finding more problems through code inspections.
If you’ve got the time (as it can require significant time and it might take your focus from some other technique you could use to test better or more in-depth the application) I recommend you try it.

1 Like

Hey Stefan, Thanks for your reply !! In my post I was referring to only point#1 and point#3 by providing some context to bug root cause but all your points are in addition to my initial post. Yes i agree its all about learning and upskilling QA knowledge on project codebase.

Its been a while since I looked at it but one of the best courses I found when fast tracking new testers to get a bit more technical was “Technical testing 101”.

The initial jump in your toolbox and a more technical understanding is very significant, well presented examples to go through, it had a nominal fee but fantastic value, I highly recommend this.

1 Like

I developed a testing platform to establish the relationship among code difference, service, api, story, test case, bug to realise the accurate testing. Most of testers may not have the ability to read codes. With this platform, tester can easily pinpoint the code line which causes to bug.

Isnt this just an example of solving a people problem with technology?

This was pretty common back in the old millenia when code was reasonably readable. Testing AXE telephone systems I always wrote corrections in ASA/PLEX, (assembly level and Source code level codes). However nowadays being able to read the code takes very much more effort.

I would say - if coding (also automation) is what rocks your boat - go for it! You might end up like a programmer too. That wasnt unusual back in the days.

If however the system(s) is what rocks your boat its probably not worth the effort.

it actually depends on what domain you are working on , for instance for web domain I agree its little more complicated reading code but for domains like data involving ETL/ databricks its easier. But I agree with you if QA can do it easily then only should move in this direction.

While white-box testing can be useful, it becomes challenging when the code gets too complex, making it difficult to track the flow of data. In some cases, developers prefer using a single file rather than multiple files, which increases the lines of code. This can make white box testing time-consuming and harder to manage.

In my opinion in such scenarios, grey box testing might be a more effective approach. Combining white box testing for easily understandable code with black box testing for complex user flows or intricate code structures allows for a more balanced and efficient testing strategy, rather than relying solely on white box testing.

1 Like