It is rarely possible to test every possible aspect of an application, every possible combination of events, every dependency or everything that could go wrong in the software application. I believe Risk Analysis is appropriate to most software development projects. This requires judgement skills, common sense and experience.
I recommend to use risk analysis, along with discussion with project stakeholders to determine where testing should be focused.
Here are some of the aspects that might require close attention:
- Which functionality is most important to the project's intended purpose?
- Which functionality is most visible to the user?
- What functionality has the largest safety impact?
- Which functionality has the largest financial impact on users?
- Which aspects of the application are most important to the customer?
- Which aspects of the application can be tested early in the development cycle?
- Which parts of the code are most complex, and thus most subject to errors?
- Which parts of the application were developed in rush or panic mode?
- Which aspects of similar/related previous projects caused problems?
- Which aspects of similar/related previous projects had large maintenance expenses?
- Which parts of the requirements and design are unclear or poorly thought out?
- What do the developers think are the highest-risk aspects of the application?
- What kinds of problems would cause the worst publicity?
- What kinds of problems would cause the most customer service complaints?
- What kinds of tests could easily cover multiple functionalities?
- Which tests will have the best high-risk-coverage to time-required ratio?