Test methodologies can be of benefit when conceptualizing any test approach -from unit to features- , defining test strategies or building test architectures.
There are in-depth academic areas of study on these. This is not a complete list, only a summary of ones that are more commonly used.
Ad-hoc, Manual, Exploratory testing
Although this is testing at its simplest, there are holistic approaches worth checking out.
Testing based on the requirements of the system. Requirement Coverage is the relationship between test cases and requirements. Requirement Tracability visualizes these relations: 1:1, 1:n, n:1 or n:n.
Testing based on the activity / sequence of user workflows / events that occur in the system. Usually referred to as use case scenarios. Can be useful while conceptualizing acceptance criteria into BDD context.
Testing based on aspects that are not directly related to requirements of the system. Per standard, some of these are Performance, Reliability, Security, Maintainability, Usability, Portability etc. The term service-level-agreement (SLA) is also used in related contexts.
These methodologies are useful when there is a vast amount of data and we want to reduce the amount of testing needed. In Equivalence class partitioning, the input data is divided into ranges of values that are known to be equivalent. The tests are then created to be representative for each range. In Boundary value analysis, testing is done at the extreme ends / boundaries of these partitions. Usually the two methodologies are used harmoniously.
A decision tree is a flowchart-like structure where each node represents a test on an attribute and the branches represent the outcomes of the test. In daily testing practices, it can be used in relevance to use case scenarios / workflows, but the applications are not limited to this; machine learning, operations reasearch, decision analysis etc. are some of the other domains it is used.
The high level distinction in a classification tree vs a decision tree is; at node level the attributes vs decisions/scenarios/tests, and at branch level possible values of the attributes vs outcomes.
Cause-effect graphing technique can be used when the combinations of input conditions is a concern. A graph if used to represent the combinations of input conditions, and then the graph is converted to a decision table to obtain the test cases.
The key insight underlying this form of testing is that not every parameter contributes to every failure and most failures are caused by interactions between relatively few parameters. The problem space - which can be anything from configurations, deployments, test suites or test scenarios - is modeled into parameters and values that these parameters can have. The test cases are then generated by feeding this information into tools. Check out this tool and many more like it at pairwise.org.
A finite state machine (FSM) describes the possible states of the system and the transitions that can occur between them triggered by inputs. The test cases are then generated by feeding the state machine into a tool.
Understand the various state and transition and mark each valid and invalid state.
Defining a sequence of an event that leads to an allowed test ending state.
Each one of those visited state and traversed transition should be noted down.
Steps 2 and 3 should be repeated until all states have been visited and all transitions traversed.
XState is a well known JS/TS library for creating state machines and statecharts, and interpreting them.
The distinction between FSMs and Markov chains is that Markov chains are probabilistic and FSMs are deterministic. Markov chains are used to model the behavior of a system, and FSMs are used to model the behavior of a system.
In model based testing, a model is created to describe the system. Generally Activity or State diagrams are used to for the model. In turn, test cases are generated by feeding the model into a tool. While a part of the test community swears by it since decades, others are hindered by test maintenance and the reverse engineering tedium.
Familiar terminology from day to day tools we use in development.
Mutation testing can be used to evaluate the fault-detection capability of a unit test suite. In Mutation testing, artificial "defects" are introduced to the code. Subsequently, different versions of the code -mutants- are tested-against using the test suite at hand. Finally, the efficiency of the test cases is evaluated -mutation score- based on the success rate of finding defects -mutants being killed. In modern web dev, it can be utilized after there is confidence in coverage, to further determine if the testing is adequate. Then, the tests with low mutation score can be enhanced to be more meaningful.
The most common terminology being referred to by UI automation. No mocking any dependencies, but testing as a real user would. Can incorporate other test methodologies.
These look like UI e2e tests but they fully stub the network, and they are run without hitting a real server. They are faster, and less brittle than traditional UI e2e tests since the network is not a concern. They are great for shift-left approach and to isolate the ui functionality prior to testing on deployments where the backend matters.
UI component testing paradigm is rapidly changing, but the ultimate goal is to test the component in isolation. Some approaches in the React world are with React Testing Library, Enzyme, and recently with Cypress where components are rendered in the browser as opposed to the terminal. A popular way to build components is with Storybook, and newer approaches are allowing stories to be tested as well.
In API testing a real server is the request target; this can also be referred to as a contract test sometimes. It can also be that the tests span over multiple apis, whereby this can be referred to as API e2e testing. The goal is to test services or the integration of them at a higher level than isolated modules.
The distinction from API testing is that all that is external to the component is mocked and the module is tested in isolation. In the NodeJS world, Nock (mock external http) and Supertest or Axios (test only the server) can be used to achieve this kind of testing. With Supertest & Axios cases, the server is served locally, and the db is preferably in a local Docker container.
A type of contract testing that ensures that a provider is compatible with the expectations that the consumer has of it. It is the primary way to shift API testing left, and test the integration of apis/services prior to deploying them to a common environment. Pact is a well known framework on this matter.
Typically email testing involves validating email fields (from, to, cc, bcc, subject, attachments), HTML content and links in the email. Email services also allow spam checks and visual checks. The core goal is to enable the last mile of end to end testing, to enable a typical web app to be tested from start to finish.
A visual regression test checks what the user will see after any code changes have been executed by comparing screenshots taken before and after code changes. It is the primary way to validate regressions in CSS, but it is also useful for covering viewport & cross browser/device combinations, as well as localization.
In the web world this is beginning to have 2 paradigms; for UI it is concerned with user experience (tools like Lighthouse), and for the back end it evaluates how a system performs in terms of responsiveness and stability under a particular workload (tools like k6).
Related to NFR testing in resiliency, it is the discipline of experimenting on a software system in production in order to build confidence in the system's capability to withstand turbulent and unexpected conditions. Generally speaking it is at the top of the pyramid and applied after some amount of maturity in testing.
Related to NFR testing as well, it is performed to evaluate the security of the system, using manual or automated technologies to systematically compromise servers, endpoints, web applications, wireless networks, network devices, mobile devices and other potential points of exposure. A vast topic in its own right, being made approachable to web development via automated test tools that drive front end UIs while assessing vulnerabilities.