I think he meant fuzzing
, e.g., sending malformed data to an application to see how it responds.
That is actually an extremely poorly thought-out question, because fuzzing is a testing technique that can be applied to any kind of software (commercial off the shelf, proprietary, open source) that you have licensed, created, downloaded, etc.
Some examples of fuzzing in action:
- At my last job (VoIP hardware manufacturer) we used a box from Ixia to generate malformed/out-of-spec SIP traffic in order to test our PBXes and handsets.
- At my current employer (software developer) we fuzz our own software (COTS stuff) to see how resilient it is to things like malformed/corrupt software updates using internally developed tools.
I would say either of these applications is a "white box" test, since we are the creator of the product being tested. On the other hand, in the first test, I used a third-party
fuzzing tool purchased from another company—I'm not sure if that affects the answer to the question, though.