Test Strategy
Testing Levels
| Level | Scope | Owner |
|---|---|---|
| Unit Testing | Business logic, validation, services | Engineering |
| API Testing | Endpoint behavior, authentication, validation, errors | Backend / QA |
| Integration Testing | Payments, OTP/SMS, email, notifications | Backend / QA |
| UI Testing | Dashboard and mobile workflows | QA / Product |
| Security Testing | RBAC, scope/account isolation, access denial | QA / Security / Backend |
| Operational Testing | Backup, restore, monitoring, incident response | DevOps / QA |
Test Types
| Test Type | Examples |
|---|---|
| Positive | Valid login, valid order creation |
| Negative | Unauthorized user attempts restricted action |
| Boundary | Daily limit edge cases, invalid amounts |
| Regression | Core flows after release |
| Smoke | Login, dashboard load, API health, payment status |
| Evidence-based | Screenshot, test result, log, Sentry issue, report |
Automation Priority
| Priority | Candidate Areas |
|---|---|
| High | Authentication, RBAC, scope/account isolation, payment idempotency |
| Medium | Orders, credentials, supplier flow |
| Low | Content pages, static reports |