ConceptsBeginner5-7 min reference
SDLC & STLC
A reference for the two life-cycle frameworks every QA engineer is expected to know: SDLC (how the product gets built) and STLC (how the product gets tested). Useful for interview prep, planning meetings, and aligning across teams.
SDLC Phases
| Phase | What happens | Key artefacts | QA involvement |
|---|---|---|---|
| Requirements Analysis | Gather what the product should do, capture functional + non-functional needs | BRD, FRD, user stories, acceptance criteria | Review for testability, flag ambiguity, draft the test approach |
| System Design | Architecture, database schema, API contracts, UI wireframes | Design docs, ER diagrams, API specs, wireframes | Review for risk, identify integration points, plan automation feasibility |
| Implementation (Coding) | Developers build features against the design | Source code, unit tests, code reviews | Pair on tricky logic, write integration tests, do early exploratory testing on dev branches |
| Testing | Verify the system meets requirements | Test plans, test cases, defect reports, RTM | Owns this phase — system, integration, UAT, regression, performance, security |
| Deployment | Release to staging then production | Release notes, deployment runbook | Smoke / sanity tests post-deploy, sign-off, monitor production canary |
| Maintenance | Bug fixes, enhancements, patches over the product's lifetime | Patch releases, change logs | Regression suite per release, support reproduction, validate fixes |
Key principle
QA is not a phase — it's a thread that runs through all six. The "Testing" phase is where formal verification concentrates, but shift-left moves QA activities earlier (review at requirements time) and shift-right moves them later (production monitoring and on-call rotation).
SDLC Models
| Model | Shape | Testing position | Best for |
|---|---|---|---|
| Waterfall | Sequential — each phase fully completes before the next | Late — testing starts after coding ends | Stable requirements, regulatory products, hardware-software co-development |
| V-Model | Mirror of dev and test — every dev phase has a paired test phase | Test planning starts during requirements; test execution late | Safety-critical products (medical, automotive, aerospace) |
| Iterative | Build in chunks, refine each iteration | Continuous within each iteration | Large products with evolving requirements |
| Spiral | Risk-driven loops; each loop = plan, risk, build, test | Ongoing — prioritised by risk assessment | High-risk, large-budget projects |
| Agile | Short sprints (1–4 weeks), incremental delivery | Continuous — every sprint includes testing | Most modern web/SaaS products with changing priorities |
| DevOps | Continuous integration + continuous delivery; blurs build/test/deploy | Continuous testing in pipeline; production monitoring | Web platforms, microservices, anything that ships daily |
V-Model — what each side maps to
Requirements ────────────────────── Acceptance Tests
System Design ────────────── System Tests
Architecture ────── Integration Tests
Module Design ── Component Tests
Coding
Reading top to bottom: dev work descends, then ascends back up through testing. Each test phase verifies the dev phase at its own level.
Agile vs Waterfall — at-a-glance
| Waterfall | Agile | |
|---|---|---|
| Testing phase | One block at the end | Every sprint |
| When QA starts | After dev ends | Sprint planning |
| Documentation | Heavy, up-front | Light, just-in-time |
| Feedback to devs | Long cycle | Same-sprint |
| Change cost | High once dev starts | Built into the model |
| Defect cost | Increases dramatically late | Stays cheaper because found earlier |
| Best for | Stable, well-known requirements | Evolving requirements, frequent releases |
STLC Phases
The Software Testing Life Cycle — the QA-side mirror of SDLC. Six phases with explicit entry / exit criteria.
1. Requirement Analysis
Understand what's being tested before any test work starts.
| Entry criteria | Requirements document available (BRD, FRD, user stories with AC) |
| Activities | Review requirements, identify testable scope, raise gaps and ambiguities, build the Requirements Traceability Matrix (RTM), identify automation candidates |
| Deliverables | Reviewed RTM, list of clarification questions, automation feasibility report |
| Exit criteria | RTM signed off, all queries resolved, scope agreed |
2. Test Planning
Define the strategy, scope, schedule, and resourcing.
| Entry criteria | Approved requirements + RTM |
| Activities | Write test strategy and test plan, estimate effort, pick tools, assign roles, plan test data and environments, define entry/exit criteria for execution |
| Deliverables | Test plan document, effort estimate, tool selection rationale, schedule |
| Exit criteria | Test plan reviewed and approved by stakeholders |
3. Test Case Design
Turn requirements into executable test cases.
| Entry criteria | Approved test plan, signed-off requirements |
| Activities | Write test cases (positive, negative, edge), prepare test data, peer-review cases, link cases back to requirements in the RTM |
| Deliverables | Test cases, test data sets, test scripts (for automated cases), updated RTM |
| Exit criteria | All cases reviewed and approved; coverage of every in-scope requirement confirmed in the RTM |
4. Test Environment Setup
Stand up the infrastructure to execute against.
| Entry criteria | Test plan, system design docs, deployment plan |
| Activities | Provision hardware/cloud, install OS + middleware + app, configure tools (CI, defect tracker, browsers, devices), seed test data, run smoke tests |
| Deliverables | Configured test environment, smoke-test results, environment access info for the team |
| Exit criteria | Environment ready, smoke test passes, access verified |
5. Test Execution
Run the tests, log defects, retest.
| Entry criteria | Test cases ready, environment ready, build deployed and accepted via smoke test |
| Activities | Execute planned cases, log defects with reproduction steps, retest fixes, run regression after each major fix or new build, exploratory testing alongside scripted execution, daily status reporting |
| Deliverables | Test execution results, defect reports, updated RTM (executed status), daily/weekly status reports |
| Exit criteria | All planned cases executed, defect counts within agreed thresholds (e.g. 0 critical, ≤ N high), regression clean |
6. Test Closure
Wrap up the cycle, capture lessons.
| Entry criteria | Test execution complete with acceptable defect metrics |
| Activities | Verify exit criteria met, prepare test summary report, document lessons learned, archive artefacts (test cases, defect reports, environment configs), retro with the team |
| Deliverables | Test summary report, lessons-learned doc, archived artefacts |
| Exit criteria | Test summary report signed off; lessons fed into next cycle's plan |
Entry & Exit Criteria — Quick Reference
One table, all six STLC phases.
| Phase | Entry criteria | Exit criteria |
|---|---|---|
| Requirement Analysis | Requirements doc available | Signed-off RTM, queries resolved |
| Test Planning | Approved requirements, RTM | Test plan approved |
| Test Case Design | Approved test plan | Cases reviewed; full RTM coverage |
| Environment Setup | Test plan, design docs | Env ready, smoke passes |
| Test Execution | Cases ready, env ready, build deployed | All cases run; defect metrics acceptable |
| Test Closure | Execution complete; metrics met | Test summary report signed off |
Test Deliverables by Phase
| Deliverable | Phase that produces it | Owner |
|---|---|---|
| Test Strategy | Test Planning (organisation-level, often before any specific project) | QA Lead / Test Manager |
| Test Plan | Test Planning | QA Lead / Test Manager |
| Requirements Traceability Matrix (RTM) | Requirement Analysis (created), updated through all phases | QA team |
| Test Cases / Test Scripts | Test Case Design | QA team |
| Test Data | Test Case Design | QA team |
| Environment Configuration Document | Environment Setup | DevOps + QA |
| Smoke / Sanity Test Results | Environment Setup, Test Execution | QA team |
| Defect Reports | Test Execution | QA team |
| Test Execution Report (daily/weekly) | Test Execution | QA Lead |
| Test Summary Report | Test Closure | QA Lead |
| Lessons Learned Document | Test Closure | QA team + stakeholders |
Test Strategy vs Test Plan
A common confusion — they're different documents.
| Test Strategy | Test Plan | |
|---|---|---|
| Scope | Organisation-wide or product-line wide | One project / release |
| Audience | Senior management, multiple teams | The project team |
| Lifespan | Long — updated yearly or rarely | Short — for the duration of one project |
| Contains | Standards, tools, policies, types of testing the org does | Scope, schedule, resources, specific cases for this release |
| Example sections | "We test on Chrome/Firefox/Safari", "We use Jira for defects", "We require code coverage ≥ 80%" | "Sprint 14 covers the checkout redesign; smoke + regression + visual" |
The Test Plan inherits from the Test Strategy — it doesn't restate the org's standards, just references them.
QA Activities in Agile / Scrum
Agile compresses the STLC. Most phases happen continuously inside each sprint.
Per-sprint mapping
| Scrum ceremony | QA activities |
|---|---|
| Backlog refinement | Review upcoming stories for testability; flag missing acceptance criteria; raise risks; estimate testing effort |
| Sprint planning | Pull stories into the sprint with realistic test effort included; identify dependencies (env, test data, third-party); break stories into tasks |
| Daily standup | Test progress per story; blockers (broken builds, env down, awaiting fix); fresh defects |
| Sprint review / demo | Demo tested features; show coverage and defect metrics; gather feedback |
| Sprint retrospective | Process improvements: too much regression, slow builds, flaky env, automation gaps |
Definition of Done — testing criteria
A story isn't "done" until everything below is true. Treat this as a checklist on the story card.
□ All acceptance criteria verified manually or via automation
□ Unit-test coverage meets team threshold (e.g. ≥ 80 %)
□ Integration tests passing in CI
□ End-to-end / regression suite passing
□ No open critical or high-severity defects
□ Performance budget met (if perf-sensitive)
□ Accessibility checks passed (WCAG AA)
□ Cross-browser / cross-device tested per matrix
□ Code reviewed and approved
□ Docs updated (user-facing, API, runbook)
□ Telemetry / logging in place
The Test Pyramid in Agile
The cost-and-coverage shape of an Agile test suite. Layers, ratios, and what each layer is good at:
| Layer | Typical share | Speed | Owner | What it catches |
|---|---|---|---|---|
| Unit | ~70 % | ms each, run on every save | Devs | Logic errors, regressions in pure functions, edge cases in calculations |
| Integration | ~20 % | seconds each | Devs + QA | Component interactions, DB queries, API contracts |
| End-to-end | ~10 % | tens of seconds each | QA | Real user flows, deploy correctness, browser-specific bugs |
Anti-patterns to avoid:
- Ice-cream cone — heavy E2E, light unit. Slow, brittle, expensive to maintain.
- Hourglass — many unit + many E2E, almost no integration. Big behavioural gaps that don't show up until production.
Three Amigos meeting
When a story is unclear, get a developer, a tester, and a product person together (the "three amigos") to walk through it. The tester's role is to ask "what could go wrong?" and "what's the acceptance criteria for that case?" until the story is concrete enough to estimate.
Shift-left and shift-right
| Means | Examples | |
|---|---|---|
| Shift-left | Move QA work earlier in the cycle | Reviewing requirements, writing acceptance tests before code, pairing on PRs, contract tests at design time |
| Shift-right | Extend QA into production | Synthetic monitoring, real-user metrics, feature flags + gradual rollout, on-call rotation, chaos engineering |
A mature Agile QA practice does both — find issues earlier and learn from production.