Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A white-box testing metric requiring test cases that execute every feasible end-to-end path through code, the most thorough coverage criterion.
Path Coverage Definition: A white-box testing metric requiring test cases that execute every feasible end-to-end path through code, the most thorough coverage criterion.
Path coverage is a white-box software testing criterion that requires test cases to execute every feasible end-to-end path through a program segment at least once. It is the most thorough structural coverage metric, exercising each unique sequence of decisions from entry to exit, which makes it powerful for surfacing subtle logic and security flaws that weaker criteria miss.
Path coverage analyzes the program's control-flow graph, where each distinct route from start to exit is a path. Because loops and nested conditionals multiply paths combinatorially, full path coverage is often infeasible, so testers commonly use basis path testing, which derives a minimal set of independent paths equal to the code's cyclomatic complexity. This approximates path coverage while keeping the test count manageable. It is referenced in standards such as ISO/IEC/IEEE 29119 and secure development practices.
For security, path coverage matters because many vulnerabilities live in rarely executed branches, such as error handlers, edge-case input validation, or authentication fallbacks, that statement or branch coverage may leave untested. Exercising every feasible path increases confidence that no execution route bypasses a security check or reaches an unsafe state. Given its cost, organizations typically reserve rigorous path coverage for critical components and apply lighter coverage proportional to risk elsewhere.
For example, a military system's authentication module contains nested conditions for password validity, account lockout, and multi-factor checks. The team applies path coverage to verify every combination, including the path where a valid password meets a locked account and the path where MFA is bypassed by a fallback, confirming no route grants access improperly. Less critical reporting code in the same system receives only branch coverage, allocating testing effort according to each component's security impact.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →