-
White-Box and Black-Box Testing
-
Black-Box Testing:
- A method of software testing that examines the functionality of an application without peering into its internal structures or workings.
- This method of testing can be applied to virtually every level of software testing: unit, integration, system and acceptance.
- It is sometimes referred to as specification-based testing.
-
White-Box Testing:
- Also known as Clear Box Testing, Glass Box Testing, Transparent Box Testing, and Structural Testing.
- A method of testing software that tests internal structures or workings of an application, instead of its functionality, as is done with Black-Box Testing.
- An internal system perspective is used to design test cases. The tester chooses inputs to exercise paths through the code and determine the expected outputs.
- White-box testing can be applied at the unit, integration and system levels of the software testing process. It tests paths within a unit, paths between units during integration, and between subsystems during a system-level test.
- Though this method of test design can uncover many errors or problems, it has the potential to miss unimplemented parts of the specification, or missing requirements.
-
Sandbox:
- A testing environment that isolates untested code changes from the production environment or repository.
- Sandboxing protects live environments from changes that could be (intentionally or unintentionally) damaging, or difficult to revert.
- Sandboxes replicate at least the minimal environmental variables needed to test the code in development.
-
Model Validation and Verification
-
Model Validation
- Ensures that software produced by a development effort meets its intended business requirements.
-
Model Verification
- Verifies that the software functions properly.
- Load (Stress) Testing
-
Static and Dynamic Code Analysis
-
Static Code Analysis:
- Code is analyzed without being executed, either visually or with the aid of automated tools. Static code analysis is meant to locate major code flaws.
-
Dynamic Code Analysis:
- Code is analyzed through testing (execution). This locates minor defects and vulnerabilities that otherwise would not be seen.
-
Synthetic Transactions:
- Scripted sets of inputs given to code when the testers know what output the code should produce for each input.
-
Fuzz Testing (Fuzzing):
- A quality assurance technique used to discover coding errors and security loopholes in software, operating systems or networks. It involves feeding massive amounts of random data, called fuzz, into the test subject in an attempt to make it crash.