BETAPlatform actively being built — new topics and features added regularly.

QADecoded
ISTQB Foundation Level (CTFL 4.0.1)~5 min read08/26

Test Types

// functional, non-functional, white-box, and change-related testing explained.

loading...
// content

"We tested everything" is meaningless without knowing what types of testing you did

A team that only tests whether features work as specified will miss performance bottlenecks, security vulnerabilities, and usability failures — even if every functional test passes. Test types ensure your test coverage is complete, not just wide.

CTFL defines test types based on what quality characteristic you are evaluating, not which level you are testing at. The same test type can apply at any level.

// example: netflix — testing more than just features

Scenario: Netflix launches a new video player feature that supports 4K HDR streaming. Functional testing: Does the 4K stream start and play correctly? Does pause, seek, and volume control work? Non-functional testing: Can the CDN handle 10 million simultaneous 4K streams? Does the player consume acceptable CPU on mobile? Is the DRM encryption compliant with studio requirements? Change-related testing: Does the new 4K player break playback on older 1080p devices? Does it affect loading times for non-4K users? What happened: Functional tests all passed. But performance testing revealed the new player increased CPU usage by 40% on older Android devices, causing battery drain. Regression testing found that the seek bar broke on the Apple TV app. Why it matters: Functional testing alone would have shipped a product that drained batteries and broke existing users.

Test Types — CTFL 4.0.1

Functional Testing

Evaluates what the system does — its functions and features. Based on functional requirements and specifications. Examples: login works, payment processes correctly, search returns relevant results. Can be performed at any test level.

Non-Functional Testing

Evaluates how well the system performs its functions. Covers quality characteristics beyond correctness. Key types per ISO 25010:

  • Performance testing — response time, throughput, resource usage under load
  • Security testing — vulnerability scanning, authentication, authorisation, data protection
  • Usability testing — ease of use, accessibility, user experience
  • Reliability testing — failure rate, recovery time, availability
  • Maintainability testing — how easy is it to modify, extend, or fix
  • Portability testing — compatibility across platforms, browsers, devices

White-Box Testing

Tests derived from the internal structure of the system (code, architecture). Coverage metrics guide how much of the code has been exercised. Can be applied at any level.

Change-Related Testing

Confirmation testing (re-testing) — verifying that a specific defect has been fixed. Run the original failing test case against the fix.

Regression testing — verifying that changes have not broken previously working functionality. Broader in scope than confirmation testing.

// tip: Exam Tip: Non-functional testing is NOT optional or secondary. CTFL treats performance, security, and usability as equal test types. The exam often asks which test type is appropriate for a given scenario — match the quality characteristic to the test type.

Test Types Applied: Login Feature

Test TypeWhat You Test on the Login FeatureExample Defect Found
FunctionalCorrect credentials → access granted; wrong password → error shownTypo in error message text
PerformanceLogin response time under 10,000 simultaneous usersLogin takes 8 seconds under load (expected: under 2)
SecuritySQL injection in username field; brute-force protection; session token expirySQL injection returns raw database error exposing table names
UsabilityIs the error message clear? Is the tab order logical? Is it accessible to screen readers?Error message says "Error 401" instead of "Incorrect password"
ConfirmationRe-run the SQL injection test after the fix is deployedFix verified — injection now blocked
RegressionDoes the security fix break the SSO login for enterprise users?SSO callback URL was inadvertently blocked by the new WAF rule

Functional Testing

What the system does — features and functions

// Test basis: Functional requirements, specifications

// Functional testing at each level

// Example defect

Login accepts valid credentials, rejects invalid

// Exam trap

Test types and test levels are independent — any type can apply at any level.

Test Types vs Test Levels

A common confusion: test types and test levels are independent axes. Any test type can be applied at any test level.

Test Type ↓ / Level →ComponentIntegrationSystemAcceptance
FunctionalUnit function logicAPI contract validationEnd-to-end feature flowBusiness workflow validation
Non-functionalFunction execution timeAPI response timeLoad and stress testingOperational readiness
White-boxBranch coverage of a methodInterface call coverageCode path coverage of systemRarely applied
RegressionRe-run unit tests after refactorRe-run integration suiteFull regression suiteKey business flows after change

// warning: Exam Trap: Regression testing and confirmation testing (re-testing) are NOT the same. Confirmation testing re-runs a specific failing test to verify a defect fix. Regression testing runs a broader set of tests to verify nothing else broke. The exam will present both and ask you to distinguish them — know the difference precisely.

Exam Practice Questions

// ctfl 4.0.1 style — select an answer to reveal explanation

4Q
Q1.A team verifies that a recently fixed login defect no longer occurs by running the original failing test case. This is:
Q2.Which test type evaluates whether the system can handle 50,000 simultaneous users without degradation?
Q3.A security scan reveals that user passwords are stored in plain text in the database. Which test type identified this defect?
Q4.Which statement about test types and test levels is CORRECT?
// end
prevTest Levels
next Static Testing & Reviews