What is software testing?

What software testing is for

When you commission custom software, testing is the work that catches mistakes before they reach you and your customers. Developers are skilled, but every non-trivial system contains errors. Testing is the disciplined search for those errors while they are still cheap to fix.

It has two jobs. The first is to confirm the software does what was agreed: each requirement is exercised and shown to work. The second is to find defects, the points where the software behaves wrongly, so they can be corrected before release rather than discovered live.

The International Software Testing Qualifications Board (ISTQB), the recognised global authority for the discipline, frames testing as far more than running a finished product: it spans reviewing requirements, planning checks and reporting results. Done well, it is woven through the whole build, not bolted on at the end.

The main types of testing you will hear named

On a software project you will hear several kinds of testing mentioned. You do not need to perform them, but it helps to know what each one checks:

• Unit testing: checks the smallest individual pieces of code in isolation, usually written and run automatically by the developers.
• Integration testing: checks that separate pieces work correctly once joined together, since parts that pass alone can still fail in combination.
• System testing: checks the whole assembled application end to end, against the agreed requirements, the way it will actually be used.
• Regression testing: re-checks features that already worked, to confirm a new change has not broken anything elsewhere.
• Performance testing: checks the software stays fast and stable under realistic load, such as many people using it at once.
• Security testing: looks for weaknesses an attacker could exploit, such as gaps that expose data.

The first three form a sequence from small to whole. Performance and security testing check non-functional requirements: not what the software does, but how well it does it.

Supplier QA versus your own UAT

Two distinct sets of testing happen on a project, and the line between them matters when it is time to accept and pay for the work.

Quality assurance (QA) is the testing the supplier carries out as they build, checking the software against the requirements you agreed. In a software project QA means exactly this testing discipline, not a vaguer idea of general quality. It is the supplier's responsibility and should run throughout the build.

User acceptance testing (UAT) is the testing you do as the buyer, near the end. You work through real business tasks and confirm the software genuinely does the job. The UK Government's Service Manual treats this kind of checking with real users as a core part of building digital services well. Our entry on user acceptance testing covers how to run it.

What to expect from a supplier, and what to ask for

A competent supplier treats testing as a normal, costed part of the project, not an optional extra. You should expect them to test their own work as part of QA, fix the defects they find and give you a stable build to run UAT against.

You can reasonably ask how they test, what is automated and what is checked by hand and how defects are recorded and tracked. Useful evidence includes a short test plan or summary, a defect log showing issues found and fixed and confirmation that each agreed requirement has been tested. Testing usually appears as a stage in the software development lifecycle.

No supplier can test every possibility, so testing reduces risk rather than removing it. A supplier who can describe their approach and show evidence is giving you a sound signal; one who cannot is not.

Frequently asked questions