The latest articles on DEV Community by Sri Lakshmi (@srilakshmi). https://dev.to/srilakshmi https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3128196%2Fdd608d65-6f73-4d7e-b43e-0f0d489df7ec.png https://dev.to/srilakshmi en Sri Lakshmi Tue, 06 May 2025 17:37:01 +0000 https://dev.to/srilakshmi/software-testing-cheat-sheet-5c3b https://dev.to/srilakshmi/software-testing-cheat-sheet-5c3b <h2> Core Concepts </h2> <h3> What is Software Testing? </h3> <p>Process to verify software meets requirements and works as expected. Identifies bugs, gaps, and missing functionality before release. Ensures quality, reliability, and proper functionality.</p> <h3> Why Testing Matters </h3> <ul> <li> <strong>Early Defect Detection</strong>: Finds bugs when they're cheaper to fix</li> <li> <strong>Quality Assurance</strong>: Ensures product meets standards and requirements</li> <li> <strong>Customer Satisfaction</strong>: Delivers reliable, functional products</li> <li> <strong>Risk Mitigation</strong>: Prevents costly failures in production</li> <li> <strong>Performance Verification</strong>: Confirms system performs as expected under various conditions</li> </ul> <h3> Testing Principles </h3> <ol> <li><strong>Testing shows defects exist, not their absence</strong></li> <li> <strong>Exhaustive testing is impossible</strong> - use risk-based approaches instead</li> <li><strong>Early testing saves time and money</strong></li> <li> <strong>Defects cluster</strong> in specific modules (80/20 rule)</li> <li> <strong>Pesticide paradox</strong>: Tests lose effectiveness if not updated regularly</li> <li> <strong>Testing depends on context</strong> - different applications need different approaches</li> <li> <strong>Bug-free doesn't mean useful</strong> - software must meet user needs</li> </ol> <h2> Test Strategy &amp; Planning </h2> <h3> Test Strategy </h3> <p>Organization-level approach defining general testing principles, tools, and processes. Includes risk-based testing approaches and overall methodology.</p> <h3> Test Planning </h3> <p>Project-specific document detailing what, when, how, and by whom testing will be performed. Includes:</p> <ul> <li>Scope and objectives</li> <li>Test deliverables</li> <li>Features to test/not test</li> <li>Testing schedule</li> <li>Resource allocation</li> <li>Entry/exit criteria</li> </ul> <h3> Test Design </h3> <p>Creation of test cases based on requirements. Includes test conditions, test data, expected results, and execution procedures. Ensures requirements coverage.</p> <h3> Test Execution </h3> <p>Process of running test cases against the application. Involves:</p> <ul> <li>Preparing test environment</li> <li>Executing test scripts</li> <li>Logging results</li> <li>Reporting defects</li> <li>Retesting fixes</li> <li>Regression testing</li> </ul> <h2> Testing Types </h2> <h3> By Execution Method </h3> <ul> <li> <strong>Manual Testing</strong>: Human execution following test cases</li> <li> <strong>Automated Testing</strong>: Using scripts and tools for repetitive tests</li> </ul> <h3> By Knowledge of Structure </h3> <ul> <li> <strong>Black Box</strong>: Testing without knowledge of internal code - focuses on inputs/outputs</li> <li> <strong>White Box</strong>: Testing with code knowledge - focuses on code paths and coverage</li> <li> <strong>Gray Box</strong>: Combination approach with limited internal knowledge</li> </ul> <h3> By Testing Level </h3> <ul> <li> <strong>Unit Testing</strong>: Tests individual components in isolation</li> <li> <strong>Integration Testing</strong>: Tests component interactions</li> <li> <strong>System Testing</strong>: Tests complete integrated system</li> <li> <strong>Acceptance Testing</strong>: Verifies user requirements are met</li> </ul> <h3> Functional Testing Types </h3> <ul> <li> <strong>Smoke Testing</strong>: Quick check for critical functionality</li> <li> <strong>Sanity Testing</strong>: Focused check after minor changes</li> <li> <strong>Regression Testing</strong>: Ensures changes don't break existing functionality</li> <li> <strong>Interface Testing</strong>: Verifies communication between components</li> </ul> <h3> Non-Functional Testing </h3> <ul> <li> <strong>Performance Testing</strong>: Speed, scalability, stability</li> <li> <strong>Load Testing</strong>: Behavior under expected load</li> <li> <strong>Stress Testing</strong>: Behavior beyond normal capacity</li> <li> <strong>Security Testing</strong>: Vulnerability identification</li> <li> <strong>Usability Testing</strong>: User experience quality</li> <li> <strong>Compatibility Testing</strong>: Works across environments</li> </ul> <h2> Bug Management </h2> <h3> Bug Life Cycle </h3> <ol> <li> <strong>New</strong>: Bug identified and reported</li> <li> <strong>Assigned</strong>: Developer tasked with fixing</li> <li> <strong>Open/In Progress</strong>: Under investigation</li> <li> <strong>Fixed</strong>: Solution implemented</li> <li> <strong>Verified</strong>: QA confirms fix works</li> <li> <strong>Closed</strong>: Issue resolved</li> <li> <strong>Reopened</strong>: If issue returns after fix</li> </ol> <h3> Bug Classification </h3> <ul> <li> <strong>Severity</strong>: Impact on system functionality <ul> <li>Critical: System crash, data loss</li> <li>Major: Feature unusable</li> <li>Minor: Feature works with limitations</li> <li>Trivial: Cosmetic issues</li> </ul> </li> <li> <strong>Priority</strong>: Order of fix implementation <ul> <li>High: Fix immediately</li> <li>Medium: Fix in current cycle</li> <li>Low: Fix when resources available</li> </ul> </li> </ul> <h2> Testing Techniques </h2> <h3> Black Box Techniques </h3> <ul> <li> <strong>Equivalence Partitioning</strong>: Divide inputs into valid/invalid groups, test one from each</li> <li> <strong>Boundary Value Analysis</strong>: Test at input boundaries (min/max values)</li> <li> <strong>Decision Table</strong>: Test logical combinations of inputs</li> <li> <strong>State Transition</strong>: Test system state changes</li> <li> <strong>Use Case Testing</strong>: Test user scenarios end-to-end</li> <li> <strong>Error Guessing</strong>: Test based on experience where errors likely occur</li> </ul> <h3> White Box Techniques </h3> <ul> <li> <strong>Statement Coverage</strong>: Execute each line of code</li> <li> <strong>Branch Coverage</strong>: Execute each decision outcome (if/else paths)</li> <li> <strong>Path Coverage</strong>: Execute all possible code paths</li> <li> <strong>Loop Testing</strong>: Test loops at 0, 1, and multiple iterations</li> <li> <strong>Code Complexity</strong>: Test based on cyclomatic complexity</li> </ul> <h2> Test Documentation </h2> <h3> Test Plan </h3> <p>Document outlining overall testing approach, scope, schedule, deliverables, and resources.</p> <h3> Test Case </h3> <p>Specific test condition with steps, data, and expected results:</p> <ul> <li>Test ID and description</li> <li>Preconditions</li> <li>Test steps</li> <li>Expected results</li> <li>Actual results</li> <li>Pass/Fail status</li> </ul> <h3> Requirements Traceability Matrix (RTM) </h3> <p>Maps requirements to test cases ensuring complete test coverage. Tracks which requirements have passing/failing tests.</p> <h2> Test Data Management </h2> <p>Strategies for creating, maintaining and using test data. Includes synthetic data generation, data masking, and maintaining test data integrity across test cycles.</p> <h2> Root Cause Analysis </h2> <p>Process to identify underlying causes of defects. Uses techniques like 5 Whys, Fishbone diagrams, and Pareto analysis to prevent recurrence.</p> <h2> Debugging </h2> <p>Systematic process to isolate, identify, and resolve bugs. Involves:</p> <ul> <li>Reproducing the issue</li> <li>Isolating the source</li> <li>Analyzing code or conditions</li> <li>Fixing the root cause</li> <li>Verifying the solution</li> </ul> <h2> Agile Testing </h2> <h3> Agile Testing Principles </h3> <ul> <li>Tests continuously throughout development</li> <li>Whole team responsible for quality</li> <li>Test early, test often</li> <li>Automate regression tests</li> <li>Tests drive development (TDD)</li> </ul> <h3> Agile Testing Practices </h3> <ul> <li> <strong>TDD (Test-Driven Development)</strong>: Write tests before code</li> <li> <strong>BDD (Behavior-Driven Development)</strong>: Tests based on user behavior </li> <li> <strong>ATDD (Acceptance Test-Driven Development)</strong>: Tests based on acceptance criteria</li> <li> <strong>Continuous Integration</strong>: Tests run automatically with code commits</li> <li> <strong>Testing Quadrants</strong>: Balance automated/manual, business/technology focused tests</li> </ul> <h2> Test Automation </h2> <h3> When to Automate </h3> <ul> <li>Repetitive tests (regression, smoke)</li> <li>Data-driven scenarios</li> <li>Performance/load testing</li> <li>High-risk functionality</li> <li>Cross-browser/platform tests</li> </ul> <h3> Automation Frameworks </h3> <ul> <li> <strong>Data-Driven</strong>: Separate test data from logic</li> <li> <strong>Keyword-Driven</strong>: Action keywords define test steps</li> <li> <strong>Hybrid</strong>: Combines multiple approaches</li> <li> <strong>BDD</strong>: Uses natural language specifications</li> </ul> <h3> Popular Tools </h3> <ul> <li> <strong>UI Automation</strong>: Selenium, Cypress, Playwright</li> <li> <strong>API Testing</strong>: Postman, RestAssured, SoapUI</li> <li> <strong>Mobile</strong>: Appium, XCUITest, Espresso</li> <li> <strong>Performance</strong>: JMeter, LoadRunner, Gatling</li> <li> <strong>CI/CD Integration</strong>: Jenkins, GitHub Actions, GitLab CI</li> </ul> <h2> Test Metrics </h2> <h3> Effectiveness Metrics </h3> <ul> <li> <strong>Defect Density</strong>: Defects per code size unit</li> <li> <strong>Defect Removal Efficiency</strong>: % of defects found before release</li> <li> <strong>Requirements Coverage</strong>: % of requirements tested</li> <li> <strong>Code Coverage</strong>: % of code executed during tests</li> </ul> <h3> Efficiency Metrics </h3> <ul> <li> <strong>Test Execution Time</strong>: Time to run test suite</li> <li> <strong>Test Case Productivity</strong>: Defects found per test case</li> <li> <strong>Automation Coverage</strong>: % of tests automated</li> <li> <strong>Cost per Defect</strong>: Resources spent per defect found</li> </ul> <h2> Tools and Reporting </h2> <h3> Test Management Tools </h3> <ul> <li>TestRail, Zephyr, qTest: Manage test cases and execution</li> <li>JIRA, Azure DevOps: Track defects and requirements</li> </ul> <h3> Reporting Metrics </h3> <ul> <li>Test execution progress</li> <li>Pass/fail ratios</li> <li>Defect trends</li> <li>Test coverage</li> <li>Open/closed defect counts</li> </ul> <h2> Mobile and Web Testing Specifics </h2> <h3> Mobile Testing Challenges </h3> <ul> <li>Device fragmentation</li> <li>OS versions</li> <li>Network conditions</li> <li>Battery usage</li> <li>Interruptions handling</li> </ul> <h3> Web Testing Specifics </h3> <ul> <li>Browser compatibility</li> <li>Responsive design</li> <li>Accessibility compliance</li> <li>Security (OWASP Top 10)</li> <li>Performance optimization</li> </ul> <h2> Performance Testing </h2> <h3> Performance Testing Types </h3> <ul> <li> <strong>Load Testing</strong>: Normal load behavior</li> <li> <strong>Stress Testing</strong>: Breaking point identification</li> <li> <strong>Endurance Testing</strong>: Long-duration stability</li> <li> <strong>Spike Testing</strong>: Sudden load increase handling</li> <li> <strong>Volume Testing</strong>: Data volume impact</li> </ul> <h3> Key Performance Metrics </h3> <ul> <li>Response time</li> <li>Throughput</li> <li>Resource utilization</li> <li>Error rates</li> <li>Concurrent users capacity</li> </ul> <h2> Security Testing </h2> <h3> Common Security Tests </h3> <ul> <li>Authentication/authorization verification</li> <li>Input validation and sanitization</li> <li>Session management</li> <li>Data protection and encryption</li> <li>API security</li> </ul> <h3> Security Testing Approaches </h3> <ul> <li>Vulnerability scanning</li> <li>Penetration testing</li> <li>Security code review</li> <li>Compliance checking</li> <li>Threat modeling</li> </ul> <h2> Common Interview Differences Questions </h2> <h3> Verification vs Validation </h3> <ul> <li> <strong>Verification</strong>: Are we building the product right? (Reviews, inspections, walkthroughs)</li> <li> <strong>Validation</strong>: Are we building the right product? (Testing against requirements)</li> </ul> <h3> Testing vs Debugging </h3> <ul> <li> <strong>Testing</strong>: Finding defects/bugs in software</li> <li> <strong>Debugging</strong>: Finding root cause and fixing bugs</li> </ul> <h3> Severity vs Priority </h3> <ul> <li> <strong>Severity</strong>: Impact on functionality (critical, major, minor, trivial)</li> <li> <strong>Priority</strong>: Order of fix implementation (high, medium, low)</li> </ul> <h3> Quality Assurance vs Quality Control </h3> <ul> <li> <strong>QA</strong>: Preventive process ensuring quality standards are met</li> <li> <strong>QC</strong>: Detective process finding defects in existing products</li> </ul> <h3> Black Box vs White Box vs Grey Box </h3> <ul> <li> <strong>Black Box</strong>: No knowledge of internals, focus on inputs/outputs</li> <li> <strong>White Box</strong>: Full knowledge of code internals, focus on coverage</li> <li> <strong>Grey Box</strong>: Limited knowledge of internals, combines both approaches</li> </ul> <h3> Smoke Testing vs Sanity Testing </h3> <ul> <li> <strong>Smoke</strong>: Basic verification that critical functionality works</li> <li> <strong>Sanity</strong>: Focused check of specific functionality after changes</li> </ul> <h3> Regression Testing vs Retesting </h3> <ul> <li> <strong>Regression</strong>: Ensuring unchanged areas still work after changes</li> <li> <strong>Retesting</strong>: Verifying fixed defects work properly</li> </ul> <h3> Alpha Testing vs Beta Testing </h3> <ul> <li> <strong>Alpha</strong>: Testing by internal teams before release</li> <li> <strong>Beta</strong>: Testing by real users in real environments before full release</li> </ul> <h3> Static Testing vs Dynamic Testing </h3> <ul> <li> <strong>Static</strong>: Reviewing code/documents without execution</li> <li> <strong>Dynamic</strong>: Testing with actual code execution</li> </ul> <h3> Load Testing vs Stress Testing </h3> <ul> <li> <strong>Load</strong>: Testing at expected normal/peak loads</li> <li> <strong>Stress</strong>: Testing beyond normal capacity until breaking point</li> </ul> <h3> Manual Testing vs Automated Testing </h3> <ul> <li> <strong>Manual</strong>: Human execution of test cases</li> <li> <strong>Automated</strong>: Tool-based execution of scripted tests</li> </ul> <h3> System Testing vs Acceptance Testing </h3> <ul> <li> <strong>System</strong>: Testing complete integrated system against specifications</li> <li> <strong>Acceptance</strong>: Verifying system meets business/user requirements</li> </ul> <h3> Functional Testing vs Non-functional Testing </h3> <ul> <li> <strong>Functional</strong>: Testing what the system does</li> <li> <strong>Non-functional</strong>: Testing how the system performs (performance, usability, security)</li> </ul> <h3> Test Plan vs Test Strategy </h3> <ul> <li> <strong>Test Plan</strong>: Project-specific detailed testing approach</li> <li> <strong>Test Strategy</strong>: Organization-level general testing guidelines</li> </ul> <h3> Defect vs Error vs Failure vs Fault </h3> <ul> <li> <strong>Error</strong>: Mistake made by developer</li> <li> <strong>Defect/Bug</strong>: Implementation that doesn't match requirements</li> <li> <strong>Failure</strong>: System not performing required function</li> <li> <strong>Fault</strong>: Incorrect step/process/data definition</li> </ul> <h3> STLC vs SDLC </h3> <ul> <li> <strong>SDLC</strong>: Software Development Life Cycle (requirements to maintenance)</li> <li> <strong>STLC</strong>: Software Testing Life Cycle (planning to closure)</li> </ul> <h3> TDD vs BDD </h3> <ul> <li> <strong>TDD</strong>: Test-Driven Development (write tests before code)</li> <li> <strong>BDD</strong>: Behavior-Driven Development (tests based on system behavior)</li> </ul> <h2> SDLC &amp; STLC </h2> <h3> Software Development Life Cycle (SDLC) </h3> <ul> <li>Requirements gathering</li> <li>Design</li> <li>Implementation</li> <li>Testing</li> <li>Deployment</li> <li>Maintenance</li> </ul> <h3> SDLC Models </h3> <ul> <li> <strong>Waterfall</strong>: Sequential phases</li> <li> <strong>V-Model</strong>: Testing paired with each development phase</li> <li> <strong>Agile</strong>: Iterative, incremental approach</li> <li> <strong>Spiral</strong>: Risk-driven approach</li> <li> <strong>Prototype</strong>: Build-evaluate-refine cycle</li> </ul> <h3> Software Testing Life Cycle (STLC) </h3> <ol> <li> <strong>Requirements Analysis</strong>: Understand what to test</li> <li> <strong>Test Planning</strong>: Develop testing strategy</li> <li> <strong>Test Design</strong>: Create test cases</li> <li> <strong>Test Environment Setup</strong>: Prepare testing infrastructure</li> <li> <strong>Test Execution</strong>: Run tests, report defects</li> <li> <strong>Test Closure</strong>: Evaluate test completion criteria</li> </ol> <h2> Key Testing Concepts </h2> <h3> Entry/Exit Criteria </h3> <ul> <li> <strong>Entry</strong>: Conditions to start testing (requirements, code ready)</li> <li> <strong>Exit</strong>: Conditions to complete testing (coverage, defect thresholds)</li> </ul> <h3> Testing Approaches </h3> <ul> <li> <strong>Risk-Based</strong>: Focus on highest-risk areas first</li> <li> <strong>Requirement-Based</strong>: Tests derived from requirements</li> <li> <strong>Exploratory</strong>: Simultaneous learning and testing</li> <li> <strong>Session-Based</strong>: Time-boxed exploratory testing</li> </ul> <p>This cheat sheet provides a quick reference for all essential software testing knowledge. Use it as a refresher before interviews or as a daily reference in your testing activities.</p> testing sdet cheatsheet