Software debugging or vulnerability testing in which the tester has only limited knowledge of a program’s internal details, and in particular no access to the source code. A gray box is a device, program or system whose workings are partially understood: contrast black box testing and white box testing.