Comparative Analysis of White Box and Black Box Testing Methods in Testing the Authentication Module of a Web System
Abstract
The security of authentication modules in web systems is a critical issue that directly affects user data integrity and system resilience against cyber threats. Inadequate testing can lead to serious security vulnerabilities, including SQL injection, authentication bypass, and token exploitation. This study analyzes, compares, and integrates the effectiveness of white box testing and black box testing in testing a PHP-based web system authentication module that uses JSON Web Token (JWT). A quantitative experimental approach was adopted using a seeded defect technique, deliberately injecting 32 defects to objectively measure the detection effectiveness of each method. White box testing was implemented using McCabe's basis path testing with PHPUnit 10 and Xdebug-based code coverage analysis, while black box testing used equivalence partitioning and boundary value analysis through the Postman API Client. White box testing detected 28 of 32 defects (87.5%), excelling in identifying logic errors and JWT cryptographic algorithm weaknesses. Black box testing detected 29 defects (91.3%), with significant advantages in uncovering input validation errors and security vulnerabilities exploitable through HTTP parameters. Combined, both methods synergistically achieved 93.75% defect coverage (30 of 32 defects). The study concludes that integrating white box testing at the unit testing stage and black box testing at the integration testing stage provides the most comprehensive quality assurance for web system authentication modules, supported by a strategic matrix for optimal testing method selection.
Pages: 113 - 121
Copyright (c) 2026 Joko Yuwono

This work is licensed under a Creative Commons Attribution 4.0 International License.











