The most complete and

updated

Software QA and
QA Automation
Road Map 2023
From Zero to Architect
Resources: Real work experiences, big company
career ladders, roadmap.sh

Mohammad Monfared, Lead SDET and Architect

https://www.linkedin.com/in/mohammad-monfared/
1- Theory & Fundamentals

• What is software testing? 7 principles and its objectives.

• Terminologies (ISTQB glossary)
• Testing approaches (White box, Black box, Grey box) - definitions &
differences
• Functional & Non-functional test - definitions & differences
• Smoke, Exploratory, Sanity and Regression test - definitions & differences
• Test documentation & design - Test case, Test suite, Test scenario,
checklist, how to convert user story (or requirements) to Test scenario
• Test planning
• Test coverage, Requirements Traceability Matrix (RTM)
• Bug life cycle
• Static and Dynamic testing
• How to report a bug - Steps to reproduce, expected & actual result
• Explain how web, mobile, and desktop applications work
• What is automation testing?
• Type of automation testing (UI, E2E, Performance, Security, API (Service),
Unit & Integration)
• Where and why automated testing can be used?
• Understanding CI/CD and its theory.
• Living documents
• Create reports
• Agile & Scrum:
• QA in waterfall model and agile methodologies.
• Iterations (Sprint)
• Roles and responsibilities: Product Owner, Product Manager, Scrum
Master, Leads, Developers, QA, QAA
• Artifacts: Project backlog, Sprint backlog
• Meetings: Daily, Sprint Planning, Sprint Review, Retrospectives,
Backlog refinement
• Type of tasks: Epic, Story, Tasks, Subtasks, Issue/Bug, Spike
• ISTQB Fundamental Certificate

1
2- Basic Technical Skills:
• API testing fundamentals
• What is a web service and API?
• Response Codes
• Type of APIs
• Authentication
• Monitor Backend (DevTools, Fiddler, CharlesProxy)
• Git - basics
• Database - queries and schemas, primary and foreign key
• Network protocols (e.g. TCP, UDP, FTP)
• Basic HTML and main tags (a, div, table, span, tr, td, ul, li)
• Basic CSS
• How a web page is rendered in the browser - Applying CSS styles, DOM,
JavaScript
• How the web application works - Client-Server architecture, web socket.
• Cache and cookies
• Continuous integration - run a build, monitor the results, and deploy on the
environment.
• BDD framework and Gherkin syntax
• Linux
• CLI / Powershell / Unix bash

3- Test Planning:
• Implement STLC
• Implement BDD & Gherkin syntax for everything (PRD, Bug report, Test-
cases)
• Choose appropriate tools and strategy
• Define bug life cycles
• Manage test-cases
• RTM

2
4- Know about the important tools/frameworks and their uses:

• Web testing: Selenium, Cypress, Playwright, WebDriverIO, Selenide

• Mobile testing: Appium, Calabash, Selendroid, Detox
• Desktop testing: WinAppDriver, Winium, Ranorex, TestComplete
• Codeless tools: Katalon, Testproject.io
• API testing: Postman, Swagger, RestAssured, Katalon, SoapUI, Cypress,
Karate
• Performance test: jMeter, K6.io, Gatling, Locust, ChromeDevTools,
Loader.io, Blazemeter, LoadRunner
• Test frameworks: Robotframework, TestNG, Pytest, Mocha, Jasmin,
Puppeteer
• BDD frameworks: Cucumber, Serenity, Behave
• Making reports and dashboards: AllureReports, Mochawesome, Grafana,
Kibana
• HTTP monitor: Fiddler, CharlesProxy, HttpAnalyzer
• Version Control System (VCS): Git, GitLab, Bitbucket, TeamCity
• Issue tracker: Jira, YouTrack, TFS
• CI/CD: Jenkins, Teamcity, CircleCI, Travis CI, Bamboo
• Test managers: TestRail, Jira+Xray, TestLink, TestMo, TestPad
• Documentation: Confluence, Notion
• Device farms: Browserstacks, SauceLabs, AWS device farm, Lamdatest,
Samsung Remote Test Lab, Firebase Test Lab, Xamarin Test Cloud, STF
(create in-house device lab)

3
5- Learn a programming language (Preferably Python, Java,
or JavaScript):
• Basics and syntax
• String - analyses, pattern matching, regex
• Containers (list, set, array, dictionary, tuple, etc.)
• OOP
• Control flow and loops (decision-making)
• Work with files - read/write, analyze the contents, download and upload
• Work with databases
• API requests
• Run system commands
• Data structure and algorithms
• Generators
• SOLID principles
• Scopes
• Multithreading
• Debug
• Mastering in an IDE (VS-Code and JetBrains product)

It’s time to dive into Automation…

4
6- Web test automation (e.g. Selenium or Cypress)
• What are WebDriver and JsonWireProtocol? How do they work?
• Install requirements and tools needed
• Locators: XPath / CSS, validate locators in DevTools
• Creating a framework from scratch (e.g, Selenium+Robotframework or
Java+Maven+TestNG)
• Browser actions
• Assertions + Get attributes + Form validations
• Implement Page Object Model
• Mouse actions (Click, RightClick, Scroll vertically and horizontally, Hover,
Drag & Drop)
• Keyboard actions
• Waits
• Work with Alerts
• Work with Permissions (Microphone, Camera, Location, Notification)
• Dialog / Snackbar /Tooltip
• Handling all types of elements (Radio button, switch, checkbox,
dropdown, slider, chips)
• iFrame
• Setup & Teardown
• Intercept and Mocking
• Use JavaScript
• Cookie and Storage
• Hooks, Tags, and Annotations
• Multiple windows/tabs
• Headless testing
• Record, Report & Dashboard (e.q. Allure)

5
7- Mobile test automation (e.g Appium)

• Install requirements and tools needed

• Details of APK and IPA files
• packageName and MANIFEST.XML
• Phone Developer tools and USB debugging
• ADB & Shell commands
• Appium architecture and how it works
• Run Appium server (cable/wifi)
• Connect to real devices and emulators
• Desired capabilities
• Locating elements (UIAutomatorViewer, Appium desktop, Appium studio,
Katalon mobile spy)
• Mastering Appium studio
• Install / Uninstall APKs using tools and scripts (on real and virtual devices)
• Create a framework from scratch (e.g. Appium+Robotframework or
Java+Maven+TestNG)
• Assertions + Get attributes + Form validations
• Reading SMS
• Gestures actions (Swipe, Scroll vertically and horizontally, Drag and Drop)
• Handling all types of elements (Text box, checkbox, radio button, switch,
slider, drop-down, chips, badge, wheeler, date picker)
• Handling Alerts and Popups
• Setup & Teardown
• Tags and Annotations
• Record, Report & Dashboard (e.q. Allure)
• iOS automation: XCode, iOS simulator, XCUITest, UICatalog, and all the
previous subjects

6
8- Should know then:
• What and When to automate?
• Implement Data Driven Testing (DDT)
• Implement BDD framework
• Test automation design patterns
• Mastering Git
• Basic code review (peer review)
• Select testing strategy (tools and schedules)
• Parallelize and Multithreading
• Integrate test automation into CI/CD (Jenkins, CircleCI, Gitlab-CI, etc.)

9- API (Service) automation (backend automation):

• What is a web service and API?
• How do web services work?
• Response Codes
• Authentication and Authorization
• Monitor the backend using browser DevTools,
• Monitor mobile app backend using Fiddler, CharlesProxy, etc
• WSDL and UDDI
• Type of APIs (REST, Soap)
• Fixtures and Data-Driven API testing
• API Chaining
• Tools and frameworks:
• Postman (& Newman)
• Swagger
• RestAssured
• Katalon
• SoapUI
• Cypress
• Karate

7
10- Senior and Lead:
• Code coverage of test automation
• Calculate automated test ROI
• Distributing tests between multiple servers
• Create an in-house device farm (STF)
• Code review approval (code owner)
• Structuring QA Team and flow
• Interview and Hire
• Mentoring, Coaching, Consulting
• Perform webinars
• Create roadmaps, OKRs and KPIs, report to managers

11- Performance testing

• What is performance testing?

• User load definition
• Types of performance testing (Smoke, Stress/Spike, Load,
Soak/Endurance)
• Define goals
• Thresholds
• Correlations
• Results Analyze and Report
• SRE requirements
• Environment preparation and cleanup
• Mastering in tools and frameworks:
• jMeter
• k6.io
• Gatling
• Locust
• etc.
• Mobile app performance:
• Profiling
• CPU/RAM/Battery Usages
• Benchmarking

8
12- Security testing

• Methodology and Techniques

• Actions in each SDLC phase
• Authentication / Authorization
• Vulnerability/Security Scanning
• Attack Vectors
• Secret management
• Risk assessment
• Penetration testing
• Posture assessment
• Security auditing
• Ethical hacking
• Tools:
• KaliLinux
• Owasp
• Acunetix
• WireShark
• Intruder
• W3af

Just like a real project, break your goals to epics and

tasks, then define your sprints and Kanban boards!
Don’t forget to have a daily check and sprint review
with yourself! …!

Mohammad Monfared
https://www.linkedin.com/in/mohammad-monfared/