QA / SDET (Software Development Engineer in Test)

The Software Development Life Cycle (SDLC) and Software Testing Life Cycle (STLC) are structured processes governing how software is built and tested. Functional testing verifies behavior against requirements, while non-functional testing covers performance, security, and usability. The test pyramid is a model recommending many unit tests, fewer integration tests, and the fewest end-to-end tests to optimize speed and reliability.

Why it matters · Gives you a shared language with engineers and the mental model for where each kind of automated test belongs (many unit, fewer integration, fewest E2E).

Test design techniques are systematic methods for selecting representative inputs from a large input space. Equivalence partitioning groups inputs into classes that should behave identically, boundary value analysis targets the edges of those classes, decision tables map condition combinations to expected outcomes, and state transition testing models system behavior as it moves between states.

Why it matters · They collapse an effectively infinite input space into a small set of high-value cases, the most useful manual-testing skill and a recurring interview topic.

Bug reports are structured documents that describe a defect with steps to reproduce, expected behavior, and actual behavior, enabling developers to diagnose and fix issues efficiently. Test cases specify preconditions, inputs, and expected results for a specific scenario. Exploratory testing is an unscripted approach where testers simultaneously design and execute tests, leveraging domain knowledge to uncover defects that predefined scripts miss.

Why it matters · Clear, reproducible bug reports and operating inside sprints are day-one expectations; exploratory testing surfaces what scripted tests miss.

The ISTQB Certified Tester Foundation Level (CTFL) is an internationally recognized certification covering core software testing principles, processes, and techniques as defined by the International Software Testing Qualifications Board. Version 4.0 of the syllabus updated the content to include modern practices such as shift-left testing and Agile contexts. It is widely recognized in enterprise environments and European markets as a baseline credential for QA professionals.

Why it matters · A recognizable credential in enterprise and EU markets, but it certifies vocabulary rather than skill, study the syllabus for free and pay for the exam only if your target market rewards it.

JavaScript is a dynamically typed, event-driven programming language that runs natively in browsers and on servers via Node.js. TypeScript is a statically typed superset of JavaScript that compiles to plain JavaScript, adding type annotations and improved tooling. Both are the primary languages for modern web test automation frameworks such as Playwright and Cypress.

Why it matters · It is the native language of today's dominant web tools (Playwright, Cypress) and the most common requirement for web SDET roles; TypeScript's static types are now the default.

Python is a dynamically typed, general-purpose programming language known for its readable syntax and extensive standard library. In test engineering it is commonly used for API testing, data validation, and scripting, with pytest serving as its dominant test framework. Python also integrates naturally with data science, AI, and ML tooling.

Why it matters · The best fit for API testing, data validation, and AI/ML tooling, with pytest as a leading API-test stack; it widens the roles you qualify for. Many postings list Java or C# instead, pick what your target market uses.

The command line (terminal or shell) is a text-based interface for interacting with an operating system, running scripts, and managing processes. Object-oriented programming (OOP) organizes code around classes and objects, enabling patterns like the Page Object Model in test frameworks. JSON (JavaScript Object Notation) is the dominant data format for API payloads and test configuration, represented as key-value pairs, arrays, and nested objects.

Why it matters · You will live in the terminal, model page objects with classes, and parse JSON constantly for API tests and test data.

Git is a distributed version control system that tracks changes to code over time, supporting branching, merging, and collaboration across teams. GitHub is a cloud-hosted platform built on Git that adds pull requests, code review workflows, and integrated CI/CD through GitHub Actions. Together they form the standard toolchain for managing test code alongside application source code.

Why it matters · Your test code lives in the same repository as the app; branching, pull requests, and reviews are required in most postings and assumed in every interview.

Playwright is an open-source end-to-end browser automation framework developed by Microsoft that supports Chromium, Firefox, and WebKit. It features built-in auto-waiting (reducing flaky tests), parallel test execution, network interception, and a trace viewer for debugging failures. As of 2026 it is the most rapidly adopted web automation framework, with approximately 33 million weekly npm downloads.

Why it matters · It overtook Selenium in 2026 (~45% adoption, ~33M weekly npm downloads, fast-rising demand) and brings auto-waiting (far fewer flaky tests), built-in parallelism, and a trace viewer, the strongest single bet for a new SDET.

The Page Object Model (POM) is a design pattern that encapsulates UI interactions for each page into a dedicated class, reducing duplication and improving maintainability. Fixtures provide reusable setup and teardown logic for test suites, while data-driven testing parameterizes a single test with multiple input sets. Structured reporting (such as HTML or JUnit XML reports) surfaces test results in a consumable format for teams and CI dashboards.

Why it matters · Anyone can record a script; teams hire people who can architect a maintainable suite, page objects, reusable fixtures, parameterized data, and useful reports.

Selenium is an open-source browser automation library that controls browsers through the W3C WebDriver protocol, supporting Chrome, Firefox, Safari, and Edge. It is the most widely established framework in test automation and forms the basis of Appium for native mobile testing. Selenium remains the dominant choice in enterprise and legacy technology stacks.

Why it matters · Still the highest raw count in job postings and the standard for legacy/enterprise stacks and (via Appium) native mobile; being fluent in both Playwright and Selenium broadens your options and pay range.

Cypress is a JavaScript-based end-to-end testing framework that runs directly inside the browser, enabling time-travel debugging and real-time reloading during test development. It is optimized for testing modern web applications and provides a built-in test runner with automatic waiting and detailed command logs. Cypress primarily supports Chromium-based browsers and Firefox, with limited Safari coverage and no native mobile browser support.

Why it matters · Popular with JS dev teams for its time-travel debugging, but Chromium/Firefox-centric with weaker Safari support and no native mobile, pick it up only if a target employer uses it.

HTTP (Hypertext Transfer Protocol) is the foundational communication protocol of the web, defining methods (GET, POST, PUT, DELETE), status codes, and headers for client-server interactions. REST (Representational State Transfer) is an architectural style for designing APIs that uses HTTP methods and JSON payloads to expose resources. Postman is a desktop and web tool for manually sending HTTP requests, inspecting responses, and documenting APIs.

Why it matters · You must understand methods, status codes, headers, auth, and payloads before automating; Postman is the universal tool for exploring and documenting APIs.

Automated API testing involves writing code that sends HTTP requests to an application's endpoints and asserts on the responses, status codes, and data shapes. Playwright's APIRequestContext allows API calls within the same test framework used for UI tests. REST Assured is a Java DSL for HTTP assertions, and pytest combined with the requests library is the standard Python approach.

Why it matters · Code-driven API tests run in CI on every commit; REST Assured (Java) and Playwright's API testing are common production choices.

Contract testing is a technique that verifies interactions between services by capturing and replaying agreed-upon request-response pairs called contracts, without requiring both services to run simultaneously. Pact is the most widely adopted consumer-driven contract testing framework, supporting multiple languages and a central Pact Broker for sharing contracts. It is particularly valuable in microservice architectures to detect integration regressions early in the development cycle.

Why it matters · In service-heavy orgs, consumer-driven contracts catch integration breaks before production without a shared test environment, a strong senior differentiator.

CI/CD (Continuous Integration and Continuous Delivery) pipelines automate the building, testing, and deployment of software on each code change. GitHub Actions is a workflow automation platform built into GitHub that uses YAML configuration files to define pipeline steps triggered by events such as pull requests. Jenkins and GitLab CI are alternative pipeline systems commonly found in enterprise and self-hosted environments.

Why it matters · Running tests on every PR and blocking merges on failure is the core SDET deliverable; GitHub Actions is the easiest modern on-ramp and Playwright ships a ready-made workflow.

Docker is a platform for building, distributing, and running applications inside lightweight, isolated containers that package code along with its dependencies. Containers ensure that test suites execute identically across a developer's machine, CI servers, and staging environments, eliminating environment-specific failures. Docker Compose extends this to orchestrate multi-container setups, such as a test runner paired with a database or mock service.

Why it matters · Containers make tests behave identically on your machine and in CI and are expected by many of the higher-paying SDET and test-architect roles.

SQL (Structured Query Language) is the standard language for querying and manipulating relational databases such as PostgreSQL, MySQL, and SQLite. In test engineering, SQL is used to seed test data, verify that application actions correctly persisted records, and clean up state between test runs. Database assertions alongside UI or API checks provide end-to-end confidence in data integrity.

Why it matters · You will query the database to seed test data and confirm that actions actually persisted correctly; SQL is listed in the majority of SDET postings.

Behavior-Driven Development (BDD) is a practice where tests are written as human-readable specifications that describe system behavior from a business perspective. Cucumber is a framework that parses Gherkin, a structured natural-language syntax using Given-When-Then steps, and maps each step to executable code. BDD tooling bridges communication between non-technical stakeholders and engineers by keeping specifications and tests in the same artifact.

Why it matters · Common in enterprise teams that want business-readable specs; worth being able to read and use, but not a beginner essential.

Performance testing measures how a system behaves under expected and peak load, checking response times, throughput, and resource utilization. k6 is a modern, JavaScript-scripted load testing tool designed for CI integration and developer workflows, with low resource overhead. Apache JMeter is a Java-based tool with a graphical interface that remains prevalent in enterprise organizations and supports a broad range of protocols.

Why it matters · Proving systems hold up under load is a high-value SDET specialization; k6 is the modern default (JS-scripted, CI-native, light on resources) while JMeter persists in enterprises.

AI-assisted testing uses large language models and agentic frameworks to generate test cases, suggest locators, and repair broken selectors when the application changes (self-healing). Playwright's MCP integration and similar tooling allow AI agents to drive browsers and produce or update test scripts with minimal manual intervention. Effective use of these tools requires critically evaluating generated output for correctness, coverage gaps, and false confidence.

Why it matters · AI test authoring and maintenance is becoming mainstream across QA teams; the new core skill is driving these tools AND judging when their output is wrong, knowing what to trust is the durable advantage.

The OWASP Top 10 is a regularly updated list of the most critical web application security risks, including injection attacks, broken authentication, cross-site scripting (XSS), and insecure configurations, published by the Open Worldwide Application Security Project. Security testing applies techniques such as input fuzzing, authentication boundary checks, and authorization verification to detect these vulnerabilities. Incorporating OWASP-based checks into a test suite extends quality assurance into the security domain.

Why it matters · Awareness of common vulnerabilities (injection, broken auth, XSS) lets you fold basic security checks into your suite, a differentiator rather than a beginner requirement.

A public automation portfolio is a GitHub repository containing a complete, runnable test framework that demonstrates practical skills including test organization, design patterns, CI integration, and reporting. A representative portfolio typically includes a Page Object Model Playwright suite for UI tests alongside REST API tests, all executing in a GitHub Actions workflow on every commit. It serves as concrete, verifiable evidence of engineering capability beyond a resume.

Why it matters · Interviewers want proof, not claims, a GitHub repo with a Page-Object Playwright suite plus API tests running green in GitHub Actions is your strongest signal.