The security of traditional cryptographic primitive is based on the black-box attack model, in this model, an adversary is given black-box (oracle) access to the functionality and has no idea about the implementation details of the software. In theory, this model is rational if we ignore the information leakage from implementations in the real-world. However, once a cryptosystem is implemented in software, information leakage always happens and will result in stronger attacks. White-box attack is one of such attacks. It is different with attacks defined in traditional cryptography, it assumes that the adversary has full control over the execution environment of application programs and has total visibility of the internal values of the software. Adversaries in white-box attack context are much stronger than in black-box attack context, therefore, traditional cryptographic primitives are fragile, secure cryptosystems are needed to resist such attacks. This paper introduces the original idea and related notions of white-box cryptography, concludes the research status and development trends of white-box basic theories and design techniques, and evaluates efficiency and security for the public white-box cryptographic schemes. Also, this paper presents the application prospects of white-box cryptography and some unresolved issues.