In an automation training program I put together, introduced folks to learn about risk based testing.

While there is a lot that can be said about it, here are two main types of risk assessments:

Inside out risks:

– Look at how different components across your tech stack interact with each other

– Walk through the control structure (#STPA could be good tool) and highlight risks

Outside in risks:

– How your customer sees your application, from the outside in, the behavior of the application

– This is what usually testers are more focused on

It’s important for automation engineers to be good testers first, and therefore practice ‘testing well’

I am also perturbed when testers are unwilling to do ‘inside out’ risk assessment, IMHO mostly that’s due to lack of willingness to get into technical details.

Reference links in comments

#RSQ #Testing #RiskBasedTesting #RBT

Risk based testing: https://www.satisfice.com/download/heuristic-risk-based-software-testing

STPA: http://psas.scripts.mit.edu/home/wp-content/uploads/2014/03/Systems-Theoretic-Process-Analysis-STPA-v9-v2-san.pdf