While an empirical approach is very thorough, it often isn't possible. For example, suppose you write a function to find the factorial of a number. Can you test all the values? Of course not, you'd be there forever. What you can do is test different equivalence classes of inputs so you test all the logic.
Think of testing as approaching the problem from many different angles. For instance:
Unit testing: making sure the code does what the programmer though it should
Functional testing: making sure a feature works as expected. Think: login, add to cart, or search as features.
Integration testing: making sure sets of features work together. "Bob logs in, adds three widgets to his cart, checks out, and chooses express delivery".
Performance testing: making sure the app responds within an agreeable, and industry comparable timeframe.
Security testing: ensuring the application doesn't expose sensitive data, protects against XSS, SQI, etc.
Lateral testing: testing with non-standard data, locking accounts and seeing what info you can get, trying to retrieve data from rendered source code or log files.
The important thing to remember is that you don't have to approach every problem from every angle on every project. Well tested code = an intelligent idea about the product quality. Untested/poorly tested code = guessable product quality.
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop