White-box testing (also known as structural testing) is based on knowledge of the internal logic of an application's code. It determines if the program-code structure and logic is faulty. White-box test cases are accurate only if the tester knows what the program is supposed to do.

Black-box testing uses only the specification to identify use cases, while white-box testing uses the program source code (implementation) as the basis of test case identification. Both approaches, used in conjunction, should be necessary in order to select a good set of test cases for the SUT. Some of the most significant white-box techniques are as follows:

• Code coverage defines the degree of source code, which has been tested, for example, in terms of percentage of LOCs. There are several criteria for the code coverage:
  1. Statement coverage: The line of code coverage granularity.
  2. Decision (branch) coverage: Control structure (for example, if-else) coverage granularity.
  3. Condition coverage: Boolean expression (true-false) coverage granularity.
  4. Paths coverage: Every possible route coverage granularity.
  5. Function coverage: Program functions coverage granularity.
  6. Entry/exit coverage: Call and return of the coverage granularity.
• Fault injection is the process of injecting faults into software to determine how well (or badly) some SUT behaves. Defects can be said to propagate, and in that case, their effects are visible in program states beyond the state in which the error existed (a fault became a failure).
• Mutation testing validates tests and their data by running them against many copies of the SUT containing different, single, and deliberately inserted changes. Mutation testing helps to identify omissions in the code.