Tutorial 1: Design a Test Strategy Document
- Contributor
- 3 days ago
- 3 min read
A test strategy is the document that aligns your team on testing approach. Not the test plan for a specific project — the overall how-we-test for the product. This tutorial walks through writing one.
What You'll Build
A 2-page test strategy doc that anyone joining the team can read to understand how testing works.
Step 1: Pick the Scope (5 min)
Match scope to the artifact:
Product-wide: covers the whole codebase
Service-specific: for a single service in a microservices org
Project-specific: for a major project
For a typical team, product-wide. Specific projects can have their own focused doc that references this.
Step 2: Define Quality Goals (15 min)
What does "good quality" mean for this product?
Pick 3-5 attributes. Be specific:
## Quality Goals
- Reliability: 99.9% uptime measured monthly
- Performance: p95 response < 800ms for user-facing endpoints
- Security: SOC 2 Type II compliance maintained
- Accessibility: WCAG 2.1 AA conformance
- Compatibility: latest 2 versions of Chrome, Safari, Firefox; iOS 16+
Don't list every possible quality attribute. Pick the ones that matter most for your product.
Step 3: Identify Risk-Based Priorities (15 min)
Where are the risks concentrated?
## Where We Focus
- Authentication and authorization: critical; concentrate coverage
- Payment flows: critical; isolated test environments + contract tests
- Data integrity: critical; integration tests + DB invariants
- UI consistency: medium; visual regression at key flows
- Reporting: lower priority; functional tests only
This is the team's allocation of testing investment. Not everything gets equal attention.
Step 4: Pick a Test Pyramid Shape (10 min)
Different shapes fit different contexts:
## Test Levels
We use a Test Trophy shape:
- Foundation: types + lint (catches mechanical bugs)
- Unit tests (~30%): pure logic, data transformations
- Integration tests (~50%): primary investment; real DB, real APIs
- E2E tests (~10%): critical user journeys only
- Manual exploratory (~10%): for areas hard to automate
Document the shape and why. Different teams legitimately have different shapes.
Step 5: List Test Types and Cadences (10 min)
## Test Types
| Type | Cadence | Tool |
|------|---------|------|
| Unit | Every commit (CI) | pytest |
| Integration | Every commit (CI) | pytest + testcontainers |
| E2E smoke | Every PR | Playwright |
| Full E2E | On merge to main | Playwright |
| Performance | Weekly | k6 |
| Security SAST | Every commit | Semgrep |
| Security DAST | Weekly | OWASP ZAP |
| Accessibility | Every PR | axe in Playwright |
| Manual exploratory | Pre-release | Tester |
The cadence matters as much as the type.
Step 6: Define Environments (10 min)
## Environments
- Local: developer machines; full stack via docker-compose
- CI: GitHub Actions; runs unit + integration + smoke E2E on PRs
- Staging: production-mirror; full E2E suite + performance + DAST
- Production: monitoring + smoke synthetic checks every 5 min
Make sure each environment serves a purpose. Don't accumulate test environments without explicit roles.
Step 7: Roles and Responsibilities (10 min)
## Who Does What
- Developers: write and maintain unit and integration tests
- QA: own E2E suite, exploratory testing, release gate
- SRE: own performance tests and production monitoring
- Security: own SAST/DAST configuration and findings triage
- Customer support: feed production issues back to engineering
When unclear, things fall through cracks.
Step 8: Document Out-of-Scope (5 min)
What you don't test, explicitly:
## Out of Scope
- IE11 (deprecated; not supported by product)
- Performance at >10x current peak (no business case)
- Vendor-provided SaaS components (contract testing only)
- Marketing pages (separate codebase)
Explicit out-of-scope prevents future debate.
Step 9: Set Metrics (10 min)
## How We Know It's Working
- Test coverage by component (target: critical paths >90%, rest >60%)
- Defect escape rate (target: <5% — bugs found in production vs. earlier)
- Time to detect for P0 incidents (target: <30 min)
- Test execution time on PRs (target: <15 min)
- Flakiness rate (target: <2%)
Pick 4-6. Track over time.
Step 10: Assemble and Share (10 min)
# Test Strategy: [Product Name]
Last updated: [date]
Owner: [name]
## Quality Goals
[3-5 attributes with specifics]
## Where We Focus
[Risk-based priorities]
## Test Levels
[Pyramid shape with allocation]
## Test Types and Cadences
[Table]
## Environments
[Purpose of each]
## Roles
[Who does what]
## Out of Scope
[What we don't test]
## Metrics
[How we measure]
Share to the team. Get feedback. Update.
What You Just Did
You created the team's testing reference. New team members read it on day one. Decisions about where to invest reference it. The strategy evolves over time but provides anchoring.
Common Failure Modes
Too long. 30-page strategy nobody reads. Two pages.
Aspirational. Describes what you wish; not what you do. Honest.
Static. Written once, never updated. Schedule annual review.
Vague. "We aim for high quality." Specific.
Skipped out-of-scope. Without it, scope creeps.


