The most complete method of ensuring code coverage in Web applications would be to use a hybrid white-box/black-box analysis tool. This approach is sometimes referred to as gray-box testing. Tray-box testing usually implies that the tester does not have complete access to the source code of the application, though. In this case, however, the hybrid tool will have complete access to the source and, ultimately, will perform both a complete white-box and a complete black-box analysis. Additionally, instead of just running each method independently, the tool will apply both techniques in cooperation with each other. First, the white-box component executes, finding defects in the code and compiling a complete list of the site pages and execution cases (like the leap-day exception). After it finishes, the white-box component passes this list to the black-box component, which ensures that each page and execution case in the list is thoroughly scanned.
In this way, the strength of each type of tool is used to overcome the other's weakness. The cooperation between the separate components is the key that makes code coverage more complete. Hopefully the white-box and black-box analysis camps will take inspiration from the peanut butter cup and start working together to create more reliable and more trustworthy Web-application analysis tools.