ISTQB Foundation Level — Chapter 1

Fundamentals of Testing · 15 Learning Objectives · K1 & K2 · v4.0.1

Chapter 1 — All learning objectives

1.1 What is Testing?

FL-1.1.1K1Identify typical test objectives
FL-1.1.2K2Differentiate testing from debugging

1.2 Why is Testing Necessary?

FL-1.2.1K2Exemplify why testing is necessary
FL-1.2.2K1Recall the relation between testing and quality assurance
FL-1.2.3K2Distinguish between root cause, error, defect, and failure

1.3 Testing Principles

FL-1.3.1K2Explain the seven testing principles

1.4 Test Activities, Testware and Test Roles

FL-1.4.1K2Explain the different test activities and related tasks
FL-1.4.2K2Explain the impact of context on the test process
FL-1.4.3K2Differentiate the testware that supports the test activities
FL-1.4.4K2Explain the value of maintaining traceability
FL-1.4.5K2Compare the different roles in testing

1.5 Essential Skills and Good Practices

FL-1.5.1K2Give examples of generic skills required for testing
FL-1.5.2K1Recall the advantages of the whole team approach
FL-1.5.3K2Distinguish the benefits and drawbacks of independence of testing

K-level legend

LevelActionExam style
K1Remember / Recall"Which of the following IS a test objective?"
K2Understand / Explain / Differentiate"Which statement BEST describes…?"
This entire chapter is K1 & K2 — focus on understanding concepts and recognising correct/incorrect statements rather than applying techniques.

1.1 What is Testing?

📌 Definition

Software testing is a set of activities to detect defects and evaluate the quality of software. The item being tested is called the test object.
Testing is NOT just running the software. It also includes planning, designing test cases, and analysing results.

🎯 Typical test objectives — mnemonic: F C R V L I C V

LetterObjectiveMeaning
FFind defectsEvaluating work products (requirements, code, designs) by causing failures and finding defects
CCoverageEnsuring required coverage of a test object
RRisk reductionReducing the risk level of inadequate software quality
VVerificationVerifying whether specified requirements have been fulfilled
LLegal complianceVerifying the test object complies with contractual, legal, and regulatory requirements
IInformation to stakeholdersProviding information to allow informed decisions
CConfidence buildingBuilding confidence in the quality of the test object
VValidationValidating that the test object works as expected by stakeholders
Test objectives vary depending on context: work product type, test level, risks, SDLC, business context (time to market, corporate structure).

🔍 Verification vs Validation

Verification ✅

Are we building the product right?
Checks if software meets specified requirements.

e.g., "Does the login page match the design spec?"

Validation ✅

Are we building the right product?
Checks if software meets user needs.

e.g., "Does the login page satisfy what users actually need?"

⚡ Testing vs Debugging

AspectTestingDebugging
WhoTesterDeveloper
GoalFind defects / failuresIdentify cause of defects and fix them
OutputDefect reportFixed code
Static testingDirectly finds defectsOnly remove the defect (no reproduction needed)
Dynamic testingTriggers failuresReproduce → Diagnose → Fix

Debugging process (dynamic testing):

1. Reproduce failure
2. Diagnose (find defect)
3. Fix defect
4. Confirmation testing
5. Regression testing
Confirmation testing: checks if the fix worked. Regression testing: checks the fix didn't break anything else.
Static testing & debugging: Static testing finds defects directly — no failure, no reproduction needed. Debugging = just remove the defect.

📦 Static vs Dynamic Testing

Static Testing

No execution. Uses reviews and static analysis tools.
Finds defects directly.

e.g., Code reviews, SonarQube analysis, requirement reviews

Dynamic Testing

Requires executing the software. Observes actual output vs expected.
Finds failures → then debugging finds defects.

e.g., Running automated test cases, manual UI testing

1.2 Why is Testing Necessary?

🌍 Software in Daily Life

Software is essential in banking, communication, healthcare, aviation, and almost every aspect of life. Faulty software can cause financial loss, wasted time, loss of reputation, and in extreme cases injury or death.

🎯 Testing's contributions to success

  • Cost-effective defect detection — finding defects early is cheapest; after detection, debugging removes them
  • Evaluates quality at different stages of the SDLC
  • Supports management decisions — test metrics help decide whether to release or move to next phase
  • Represents user needs — testers simulate real users (cheaper than involving real users)
  • Meets legal & regulatory requirements — contracts, compliance, safety standards

🔄 Testing vs Quality Assurance (QA)

AspectTesting (QC)QA
ApproachCorrectivePreventive
FocusProduct-orientedProcess-oriented
GoalAchieve appropriate quality levelsImplement & improve processes
ResponsibilityTest team primarilyEveryone on the project
Uses test results toFix defectsEvaluate process performance

Quality Control (QC) includes:

A. Testing B. Simulation C. Prototyping D. Formal methods
Exam trap: Testing and QA are NOT the same. QC = corrective approach. QA = preventive approach.

1.2.3 Error → Defect → Failure → Root Cause

🔗 The chain

Human makes an
Error
Error causes a
Defect (Bug/Fault)
Defect causes a
Failure
TermAlso calledDefinitionExample
ErrorMistakeA human action that produces an incorrect resultDeveloper types < instead of <=
DefectBug, FaultA flaw in a work product that can cause failureWrong condition in code
FailureDefect executed → system does not perform as expectedSystem crashes on valid input
Root causeThe fundamental reason behind a defect or failurePoor training → coding error

🧠 Causes of human errors

⏱️ Time pressure 🧩 Complex work 🔄 Complex processes 🏗️ Poor infrastructure 😴 Fatigue 📚 Lack of training

📌 Key facts about defects & failures

  • Defects can exist in any work product — documentation, requirements, test scripts, source code, build files
  • Early-stage defects (requirements) can propagate to later stages if not caught
  • Not all defects cause failures — some only fail under specific conditions; some never fail
  • Failures can also be caused by environmental factors — radiation, electromagnetic fields (hardware/firmware)
Root cause analysis = identifying the fundamental cause → fixes root cause → prevents similar defects in future → reduces failure frequency.

📝 Mnemonic for this section

Error Defect Failure  |  Root cause prevents recurrence

1.3 Seven Testing Principles

Mnemonic: "Please Examine Early Tests, Defects Tend to Accumulate"

📐 All 7 principles

Principle 1 · P

Testing shows Presence of defects, not absence

Testing can prove defects exist ✅
Cannot prove no defects exist ❌
Testing only reduces the probability of defects.

Exam: "Testing proves software is correct" → FALSE

Principle 2 · E

Exhaustive testing is impossible

Testing all possible inputs/conditions is not feasible (except trivial systems).
Use: test techniques, prioritization, risk-based testing.

Exam: Focus on important and high-risk areas

Principle 3 · E

Early testing saves time and money

Finding defects early = lower cost, less rework.
Both static & dynamic testing should start as early as possible in SDLC.

Exam: Shift-left testing concept

Principle 4 · T

Defects cluster together

Most defects found in few modules (Pareto Principle / 80-20 rule).
Focus testing on defect-prone areas.

Exam: Explains why risk-based testing is effective

Principle 5 · T

Tests wear out

Repeating the same tests finds fewer new defects over time.
Solution: update test cases, add new tests.
Exception: useful in regression testing (automation).

Exam: Why test cases should be updated regularly

Principle 6 · D

Testing is context dependent

Testing approach differs by software type, industry, risks.
Banking software ≠ Gaming software.
No single universal testing method.

Exam: No one-size-fits-all approach

Principle 7 · A

Absence-of-defects fallacy

Even if no defects found and requirements met — software may still fail user expectations or business goals.
Validation is also important, not just verification.

Exam: "No bugs found = product is good" → FALSE

⚡ Quick reference table

#PrincipleKey message
1Presence not absenceCannot prove zero defects
2Exhaustive impossibleUse risk & prioritisation
3Early testingEarlier = cheaper to fix
4Defect clustering80/20 rule — focus on risky modules
5Tests wear outUpdate tests regularly
6Context dependentNo universal approach
7Absence fallacyNo bugs ≠ product is good

1.4.1 & 1.4.2 Test Activities & Context

🔄 Seven test activities

Plan
Monitor & Control
Analyse
Design
Implement
Execute
Complete

Activities may be sequential, iterative, or parallel depending on context.

📋 Each activity explained

1

Test Planning — "What are the goals?"

Define test objectives, select best testing approach within constraints (time, cost, resources). Decides what, how, and when to test.

2

Test Monitoring & Control — "Are we on track?"

Monitoring: continuously compare actual vs planned progress.
Control: take corrective actions to meet objectives (re-prioritize, add resources).

3

Test Analysis — "What to test?"

Study test basis (requirements, specs). Identify testable features. Define & prioritise test conditions based on risk. Find testability issues.

4

Test Design — "How to test?"

Convert test conditions into test cases. Identify coverage items. Define test data requirements, test environment, tools and infrastructure.

5

Test Implementation — "Prepare for testing"

Create/acquire test data & scripts. Organise test cases → test procedures → test suites. Set up test environment. Prioritise execution order.

6

Test Execution — "Run tests"

Execute test cases (manually or automated). Compare actual vs expected results. Log test results. Identify failures & report defects. Includes continuous testing & pair testing.

7

Test Completion — "Wrap up & improve"

Report unresolved defects. Archive testware. Shut down test environment. Analyse lessons learned. Create test completion report. Improve future testing.

🌐 Test process in context (1.4.2)

Testing is not isolated — it is funded by stakeholders and must fulfil business needs. These context factors affect test strategy, techniques, automation level, coverage, and reporting:

FactorExamples
StakeholdersNeeds, expectations, requirements, cooperation level
Team membersSkills, knowledge, experience, availability, training needs
Business domainCriticality (banking vs gaming), risks, legal regulations
Technical factorsSoftware type, architecture, technology stack
Project constraintsScope, time, budget, resources
Organizational factorsCompany structure, policies, existing practices
SDLCAgile, Waterfall, DevOps — affects when/how testing occurs
ToolsAvailability, usability, compatibility
Mnemonic: S T B T P O S T — Stakeholders, Team, Business, Technical, Project, Organizational, SDLC, Tools

1.4.3 Testware & 1.4.4 Traceability

📦 What is testware?

Testware = all work products created during testing. Everything a tester produces to test the application — plans, cases, scripts, data, reports, logs.

Managed using configuration management to ensure consistency and integrity.

📋 Testware by activity

ActivityWork products (testware)
Test PlanningTest plan, test strategy, risk register (risks + likelihood + impact + mitigation)
Monitoring & ControlTest progress reports, control directives, risk-related information
Test AnalysisTest conditions (prioritised), acceptance criteria, defect reports (in test basis)
Test DesignTest cases, test charters, coverage items, test data requirements, environment requirements
Test ImplementationTest procedures, test scripts (manual & automated), test suites, test data, execution schedule, stubs/drivers/simulators
Test ExecutionTest logs, defect reports
Test CompletionTest completion report, lessons learned, improvement actions, change requests
Organising testware: Test Cases → organised into Test Procedures → assembled into Test Suites

🔗 Traceability (1.4.4)

Traceability = linking test basis (requirements) ↔ testware ↔ test results ↔ defects to ensure complete coverage and support monitoring.
Requirements
Test Cases
Test Results
Defects

Benefits of traceability:

  • Coverage evaluation — confirms all features are tested
  • Impact analysis — identifies which tests are affected by changes
  • Audit support — makes reviews and audits easier
  • IT governance compliance — meets organisational and regulatory standards
  • Better reporting — test progress and completion reports are clearer for stakeholders

Coverage as KPI:

Coverage criteria act as Key Performance Indicators (KPIs) — measurable values that evaluate how effectively test objectives are being achieved.

Types of traceability:

Forward → Requirement to Test Case Backward → Test Case to Requirement Bidirectional → Both directions

1.4.5 Roles in Testing

👥 Two principal roles

👔 Test Management Role

Focus: Management & leadership

Activities:
• Test planning
• Test monitoring
• Test control
• Test completion

In Agile: tasks may be shared by whole team
Large projects: dedicated test managers

🔧 Testing Role (Technical)

Focus: Technical/engineering aspects

Activities:
• Test analysis
• Test design
• Test implementation
• Test execution

One person can perform both roles depending on context.

🏢 Tester interactions with other roles

Interacts withAbout
DeveloperTest strategy, automation approach, fixing bugs
Business AnalystClarify and understand requirements
Project ManagerRisk assessment, current testing status
ClientReview requirements, UAT
DevOpsCI/CD pipeline, environment setup and deployment

📋 Roles & testware ownership

RolePrepares / ownsReviews
Test ManagerTest plan, test strategyTest summary report, risk reports
Test Analyst / QATest conditions, test cases, test dataRequirements, RTM
Automation EngineerTest scripts, automation suites
Tester / QA TesterTest logs, defect reports
DeveloperUnit tests, fixesDefect reports, technical test cases
Business AnalystRequirements, business rulesTest cases, RTM
Project ManagerTest plan, progress & summary reports

1.5.1 Generic Skills & 1.5.2 Whole Team Approach

🧠 Generic skills required for testing

📘 Testing knowledge

Understanding concepts and techniques. Improves testing effectiveness.

e.g., Knows BVA → finds off-by-one error at ATM limit

🔎 Personal qualities

Thoroughness, carefulness, curiosity, attention to detail, methodical approach.

e.g., Notices "₹" symbol missing on price display

💬 Communication skills

Clear communication, active listening, teamwork. Report defects clearly and constructively.

✅ "Login fails when password > 20 chars" not ❌ "Login is broken"

🧩 Thinking skills

Analytical thinking, critical thinking, creativity.

e.g., Login fails on slow internet → identifies network delay as root cause

⚙️ Technical knowledge

Understanding tools and technologies. Increases testing efficiency.

e.g., Uses Selenium to run 100 test cases automatically

🏦 Domain knowledge

Knowledge of business domain (banking, healthcare). Ensures correctness of test scenarios.

e.g., Knows interest calculation rules → finds calculation bug

Communication challenge: Testers are sometimes seen as "bearers of bad news." Solution: report defects constructively — focus on improving the product, not blaming people.

👨‍👩‍👧‍👦 Whole Team Approach (1.5.2)

A practice from Extreme Programming (XP) — any team member with the necessary knowledge and skills can perform any task, and everyone is responsible for quality.

✅ Advantages

  • Improves team dynamics
  • Enhances communication & collaboration
  • Creates synergy by leveraging all skill sets
  • Transfers testing knowledge across team
  • Testers help BAs create acceptance tests
  • Shared workspace (physical or virtual) facilitates interaction

⚠️ Not always appropriate when:

  • High independence needed (e.g., safety-critical systems)
  • Lack of testing skills across the team
  • Time and cost constraints prevent cross-training
  • Risk of bias — fresh perspective may be needed

Team development stages (Tuckman):

Forming
Roles unclear
Storming
Disagreements
Norming
Agreement
Performing
Smooth execution

1.5.3 Independence of Testing

📌 What is independence?

Testing performed by someone other than the author of the work product, to reduce bias and improve defect detection.

Independence ≠ replacement of developer testing. Developers can still find many defects in their own code — but an independent tester thinks differently and finds different types of defects.

📊 Levels of independence

LevelTested byIndependenceExample
1Author (developer)NoneDeveloper tests own code
2Peers (same team)SomeCode review by teammate
3Testers from another teamHighSeparate QA team
4External testersVery highOutside organisation
Best practice: use multiple levels — developers for unit testing, QA team for system testing, business users for acceptance testing.

⚖️ Benefits vs Drawbacks

✅ Benefits

  • Finds different types of defects
  • Provides fresh perspective
  • Can verify, challenge, and disprove assumptions
  • Reduces bias from cognitive blindness

⚠️ Drawbacks

  • Poor communication between testers & developers
  • Adversarial relationship / conflicts
  • Developers may lose responsibility for quality
  • Testers seen as bottlenecks or cause of delays
Exam tip: Independence improves defect detection BUT has drawbacks. The best approach is to combine multiple levels of independence rather than rely on only one.

Requirements Traceability Matrix (RTM)

📋 What is RTM?

RTM (Requirement Traceability Matrix) is a table that links requirements with test cases, results, and defects to ensure complete test coverage.

🗂️ Example RTM

Req IDRequirementTest Case IDTest DescriptionResultDefect ID
R1Login with valid credentialsTC1Verify login with correct username & password✅ Pass
R2Login with invalid credentialsTC2Verify error message on wrong login❌ FailD1
R3Password resetTC3Verify password reset functionality✅ Pass
R4Logout functionalityTC4Verify user can log out❌ FailD2

✅ Key points for exam

  • Ensures 100% requirement coverage
  • Helps in impact analysis — when requirements change, know which tests are affected
  • Supports defect tracking — links bugs back to requirements
  • Used in test planning, monitoring, and reporting

Forward traceability

Requirement → Test Case
Are all requirements covered?

Backward traceability

Test Case → Requirement
Is every test case justified?

Bidirectional

Both directions.
Best practice for complete coverage.

Key definitions & exam traps

📖 Essential definitions

TermDefinition
Test objectThe actual application, system, or module being tested
Test basisSource of information used to create test cases (requirements, design docs, user stories)
Test conditionA specific aspect or feature to be tested — derived from the test basis
TestwareEverything a tester creates to test the application (plans, cases, scripts, data, reports, logs)
TraceabilityLink between requirements, test cases, results, and defects — ensures coverage and supports monitoring
ErrorA human mistake that produces an incorrect result
DefectA flaw in a work product (also: bug, fault) — caused by an error
FailureWhen a defect is executed and the system does not perform as expected
Root causeThe fundamental reason behind a defect or failure
VerificationAre we building the product right? (meets specs)
ValidationAre we building the right product? (meets user needs)
DebuggingThe process of finding, analysing, and fixing defects — done by developers
Confirmation testingTesting after a fix to verify the defect is resolved
Regression testingTesting after a fix to verify nothing else was broken
Continuous testingRunning automated tests continuously at every stage of CI/CD pipeline
Pair testingTwo people work together on testing the application
Whole team approachEveryone on the team is responsible for quality (from XP/Agile)

🚨 Common exam traps

Trap 1: "Testing proves the software is correct / has no defects" → FALSE (Principle 1 + 7)

Trap 2: "Testing and QA are the same" → FALSE — Testing = corrective/product-oriented; QA = preventive/process-oriented

Trap 3: "Debugging is part of testing" → FALSE — Debugging is done by developers; testing finds defects/failures

Trap 4: "Exhaustive testing is achievable with enough time" → FALSE — Principle 2 says it is impossible

Trap 5: "If no defects are found, the software is ready" → FALSE — Absence-of-defects fallacy (Principle 7)

Trap 6: "Independence of testing eliminates all defects" → FALSE — it reduces bias and finds different defects, but has drawbacks

Trap 7: "Test monitoring and test control are the same activity" → FALSE — monitoring = checking progress; control = taking corrective action

Trap 8: "The whole team approach is always appropriate" → FALSE — not suitable for safety-critical systems needing high independence

⚡ Ultra-quick revision

TopicOne-liner
Test objectivesF C R V L I C V — Find, Coverage, Risk, Verify, Legal, Inform, Confidence, Validate
Error→Defect→FailureHuman mistake → code flaw → system misbehaviour
7 principlesP E E T T D A — Presence, Exhaustive, Early, Tired tests, Defect cluster, Context, Absence fallacy
Test activitiesPlan → Monitor/Control → Analyse → Design → Implement → Execute → Complete
TestwareEverything created during testing — plans, cases, scripts, data, logs, reports
TraceabilityReq ↔ Test Case ↔ Result ↔ Defect — ensures coverage, supports audits
Testing vs DebuggingTesting finds defects; debugging fixes them
QC vs QAQC = corrective/product; QA = preventive/process
Independence levelsNone → Peer → Another team → External
Whole team approachEveryone responsible for quality (from XP) — not always appropriate