We stand with Ukraine
Go Wombat logo

The 7 Principles of Software Testing: A Comprehensive Guide

Article by

Updated on January 18, 2024

Read — 9 minutes

The 7 principles of software testing are the basic guidelines established by the International Software Testing Qualifications Board (ISTQB), which provide the basis for an effective approach to software testing. The 7 principles were established over the course of decades through the application of QA practices in the real world and provide the basis for the ISTQB Foundation Level qualification. Knowledge of the 7 principles can help testers test smarter and understand the limits of what can be achieved through testing.

These principles are applicable to all projects regardless of the approach, domain, and size.

7 Principles of Software Testing

Principle 1: Testing Shows the Presence of Defects, Not Their Absence

Testing is conducted in order to detect problems, not in order to verify that a system does not have problems. This difference might be greater than one might think at first.

If a set of tests executes without problems, then this indicates that no problems were found with these particular tests, not that no problems exist in the software in general. This does not take into account possible edge cases, unusual combinations of input, or other environment-specific situations that were never tested. The likelihood of undiscovered problems still exists, even though it might be lower.

This applies to how test results should be expressed. A good report from a QA person does not say, for example, "the software is bug-free." A good report says something closer to: given the set of test cases defined, which represent the main user paths, no significant problems were found. This is a true statement, while the other one isn't.

Why it matters in practice: In practice, developers and stakeholders sometimes take a clean test run as a go-signal. It is a conditional go-signal. Recognising this limitation leads to a more honest discussion of risk and release readiness, which leads to better decisions.

It is impossible to prove correctness through testing. Testing can only reduce the probability of serious, undiscovered defects. This is extremely important. It is not the same as saying it is possible to be certain.

To achieve comprehensive defect reduction, a multi-layered approach of unit testing and integration testing combined with system testing and acceptance testing is more effective than a single test run. The objective is to achieve multiple layers of defect detection.

Principle 2: Exhaustive Testing Is Impossible

No given project can test all possible permutations of input, condition, and user behaviour. It is just not possible due to the sheer scale of the numbers involved.

Take, for example, a simple login form with two fields. Even for a form this simple, the possible input combinations, including special characters, different encodings, extreme length of strings, and concurrent session state, are measured in the millions. Any given application will have hundreds of factors interrelating between different parts, different integrations, and different environments. It is not a matter of testing all possible scenarios, but rather a matter of not enough testing. It is a matter of not enough testing being mathematically possible.

The practical approach is risk-based testing. Rather than trying to ensure complete coverage, we can prioritise areas of the system based on which parts are most likely to fail, which failures will have the greatest impact on users, and which parts of the system are most complex or subject to change.

Equivalence partitioning, for example, is a technique whereby we can ensure maximum coverage of valid and invalid input groups, and boundary value analysis, whereby we can ensure maximum coverage of areas of input ranges where failures are most likely, all help ensure maximum coverage within a finite time and resource base.

This principle is closely related to Principle 4. The areas of the system most likely to have defects are those areas we can identify through risk analysis, and it is those areas we should be focusing on.

Principle 3: Early Testing Saves Time and Money

The later that a defect is discovered, the more it will cost to fix that defect. This is not a generalisation; this is a known pattern for all software development projects, regardless of their size.

A defect found during the requirements phase that has yet to have a line of code written for it may take one hour to fix. The same defect found after the system has been developed with that incorrect requirement may take weeks to fix, touching many parts of the system. The cost multiplies with each phase.

This means that test activities should begin at the requirements phase rather than at the end of the development phase. Checking requirements documents for ambiguities, checking design documents for any inconsistencies, and performing static analysis are examples of early testing. This is where the term "shift-left" comes from. Shift-left refers to shifting quality activities to earlier phases of the development lifecycle.

What Shift Left Really Means in Practice

Shift-left is not just a philosophy. In modern engineering environments, it is embedded directly into CI/CD pipelines. With every commit to the codebase, automated tests are run: unit tests take milliseconds, static analysis provides feedback before code review, and contract tests check API calls before integration.

The end result is a faster feedback loop: developers detect problems just minutes after introducing the problem, when the context is still fresh in their minds, and the fix is easy.

By contrast, detecting the same problem during system tests three weeks later is not just more expensive; it’s also more disruptive to the entire team.

Teams that embed testing in their development process from day one report lower release cycles, fewer critical bugs in production, and lower overall QA costs. The investment in testing at the outset repays dividends throughout the life of the product.

Principle 4: Defects Cluster Together

Pareto Principle in Software Testing

In any given software system, defects are not uniformly distributed. Most software systems have a majority of their defects concentrated in a few modules or components, whether detected during testing or after deployment in production environments.

This is also known as the Pareto principle, which states that 80% of software defects are caused by 20% of the software code. This is not an exact figure, but the principle is consistent in all software systems, regardless of the industry domain or software type. Complex software modules, frequently changed modules, modules with a large number of dependencies, and modules that were developed in a hurry are known to have a higher defect rate.

Recognising this pattern changes the distribution of testing resources. Instead of distributing testing resources equally among all components, a pattern emerges that allows a team to understand where defects are likely to cluster in the future. These areas are then subjected to more test cases, more scrutiny, and more exploratory testing.

As an example, let’s imagine a fintech app. In this financial application, the interest rate calculation module has historically had more defects than any other module in the system. This is recorded by the testing team. In each release cycle, this module is subjected to three times the amount of test coverage that other, more stable modules receive.

This pattern continues for many months, with critical defects being found before they enter the production environment.

This process continues for a number of months, with key defects identified before they are introduced into the production environment.

This type of data-driven approach for testing allocation is one of the most powerful methods for ensuring that testing is both more thorough and, at the same time, more efficient. This does not mean, however, that we are ignoring the lower defect history modules, as code changes can introduce defects in any module, but we are ensuring that riskier modules are never under-tested.

Principle 5: Beware of the Pesticide Paradox

However, if the same set of tests is repeatedly executed without change, the tests will eventually stop revealing new defects. This idea was proposed by Boris Beizer, who likened this phenomenon to the world of agriculture. Insects subjected to the same pesticide over and over develop a resistance to the pesticide. In the end, the pesticide no longer has an effect.

This is the same situation for a set of tests. When a body of code is constantly changing, and the tests are not, the tests only verify what has already been working. This may look healthy. However, the confidence is misguided.

This is particularly evident in regression testing. A regression set of tests designed to verify the original functionality of a system will not detect defects introduced by new features, changes to components, or modifications to integrations.

How to counter it: Test suites should be considered living documents and reviewed and updated as part of each and every sprint or release cycle. New test cases should be designed for areas where recent changes have been made and unexplored paths exist. Sessions of exploratory testing, where the tester actively tries to identify unexpected behaviour without a script, can be extremely effective for identifying defects missed by existing test suites. Security testing, usability testing, and performance testing can also help identify defects that functional test suites are not designed to detect.

Even automated tools for regression test maintenance can help, but the basic idea is the same: no matter the tool, an out-of-date automated test suite still suffers from the pesticide paradox. The answer is not more automation; the answer is more thought given to the design of the tests.

Pesticide Paradox

Principle 6: Testing Is Context-Dependent

There is no standard approach that applies to all types of software; it depends entirely on the domain, risk profile, regulatory requirements, and end-user expectations.

Consumer mobile app and radiation therapy control system are both software; however, they are not tested in the same way. The risk profile, regulatory requirements, and risk threshold are completely different for both scenarios.

Real-World Consequences of Ignoring Context

The cost of context-insensitive testing is well known.

The Therac-25 radiation therapy machine failed due to several reasons. Among them was the fact that the safety features of previous hardware versions were removed when software control was incorporated. Yet, there was insufficient testing to replace these safety features. This led to the death of three patients due to radiation overdose.

The Mars Climate Orbiter was lost due to a mismatch between two teams. One team used imperial units while the other used metric units. This led to an error in calculating the trajectory. The craft entered the Martian atmosphere and was destroyed. However, during testing, there was an assumption of an integration context. This was based on the fact that both teams used similar units.

Knight Capital Group lost $440 million in 45 minutes due to a deployment error where a test system was used for trading. The software was performing exactly as designed. The issue stemmed from an old, unused code path that was unintentionally reactivated via a deployment flag, and testing had not covered the scenario of deploying to a live trading environment with that flag active.

All of these examples represent not a lack of testing, but rather a lack of fit between the testing and its context.

What this means for enterprise software development: an e-commerce application needs high security testing, accessibility testing, and load testing for peak demand situations. A banking application needs integration testing with payment networks, validation of error handling for financial transactions, and latency testing for high concurrency situations. A logistics application needs resilience testing for partial connectivity and third-party API failures.

Knowing the domain drives the entire testing strategy, which includes the testing scope, testing thoroughness, testing sequence, and testing standards. A software testing service delivery organisation without a good understanding of the domain context is not delivering quality assurance service.

Principle 7: Absence of Errors Is a Fallacy

Principle Absence of Errors Fallacy

Software can pass every test and still fail. Software can be technically correct and still fail its users. These are two different kinds of failure, and the testing strategy must address both of them.

The first kind of failure is a little easier to understand. No matter how comprehensive a test suite is, it cannot possibly cover every possible case. There are device configurations, unexpected input sequences, and edge cases that were never anticipated by the requirements. These are just a few examples of the ways in which a well-tested product can still fail. The absence of detected errors does not imply the absence of errors.

The second kind of failure is less intuitive but equally important. Software can be validated against every requirement in its specification and still fail. The requirements could have been wrong. The user experience could be too complex. The user workflow could not be representative of how people really work. The distinction here is between verification and validation. Verification is checking to see if the software meets its specification. Validation is checking to see if the software really works.

Comprehensive testing of a flawed specification results in technically correct software that nobody wants to use.

This principle is a reminder that testing is done for the user, not for the specification. If the specification is incomplete, ambiguous, or wrong for the users, testing it, however comprehensively, will not produce a quality product. Requirements review, user acceptance testing, and usability testing all address this problem. They are not optional extras. They are part of complete testing.

How the 7 Principles Work Together

These are not individual rules; they are mutually reinforcing.

"Early testing" (Principle 3) makes "finding the defects" (Principle 1) more effective because it finds the defects at the most easily correctable time. Defect clustering (Principle 4) feeds into risk-based testing, which is the practical answer to the impossibility of exhaustive testing (Principle 2). The pesticide paradox (Principle 5) explains why the absence of errors on a clean run cannot be taken as evidence of quality, which is exactly the same issue that the absence of errors fallacy (Principle 7) also addresses, but from the opposite direction. Context dependence (Principle 6) brings everything together because everything has to be implemented in the light of the reality of the particular system under test.

Test teams that work in this way, rather than as a series of disconnected rules, have more effective and flexible testing practices.

Conclusion

However, the 7 ISTQB principles of software testing are not abstractions. They are the result of the hard-won experience of the last few decades of software projects, including the unsuccessful ones. By adhering to them, we can improve the early detection of defects, prioritise the right testing activity, and prevent the illusion of security provided by a clean test run.

Testing is not an activity done at the end of the development lifecycle. It is a continuous activity influenced by the environment and aware of its limitations.

If you are looking to build or strengthen your testing strategy, Go Wombat's software testing services are designed around exactly these principles, tailored to the domain, focused on risk, and built to scale with your product.

Frequently Asked Questions

What are the 7 principles of software testing according to ISTQB? 

The seven principles of ISTQB are: testing for the presence of defects, not for their absence; testing is not exhaustive; testing early saves time and money; defects cluster together; beware of the pesticide paradox; testing is context-dependent; and absence of errors is a fallacy. This is the basic framework that guides all professional software testing activities.

Why is exhaustive testing considered impossible? 

Even for a simple application, there would be too many input combinations, environmental variables, and user behaviour patterns to test. The number of possible states increases exponentially with system complexity. The practical and widely accepted solution is risk-based testing.

What does shift left mean in the context of early testing? 

"Shift left" is a term used to describe the practice of shifting testing activities to earlier stages of the development lifecycle. Traditionally, testing is performed as a last step before deployment. In a "shift left" approach, requirements review, static analysis, and automated testing are performed as part of the development lifecycle. This helps minimise the cost and complexity of fixing bugs, which grow exponentially as bugs are introduced later.

What is the pesticide paradox, and how do you prevent it? 

The pesticide paradox describes a phenomenon where a static set of tests, run repeatedly without change, gradually loses its ability to detect new defects — because the software evolves while the tests do not. To prevent this, it is important to review tests regularly, use exploratory testing, and ensure new tests are written when new features are added.

Does passing all tests mean the software is ready for release? 

This is not necessarily so. Passing all tests means there were no defects detected under the tested conditions, which is significant but not equivalent to defect-free. It also does not guarantee that the software meets users’ expectations or solves the right problem. User acceptance testing and validation are also required.

Why does context matter so much in software testing? 

Each domain has a different risk profile, different regulations, and different expectations from the user. A testing approach suitable for a marketing website could be completely inadequate for medical device software or financial trading systems. Context defines what, how, and in which order testing should be done.

How can we help you ?

How can we help youHow can we help youHow can we help you