Risk-Based Testing
Triết lý
Không thể test mọi thứ. Ưu tiên test theo RISK = Probability × Impact.
Quy trình 5 bước
- Identify risks — workshop với dev, PM, support.
- Analyze — probability + impact mỗi risk.
- Prioritize — ma trận 3×3 hoặc 5×5.
- Mitigate — test coverage theo priority.
- Monitor — review production incidents → feedback loop.
Risk matrix 3×3
| Prob \ Impact | Low | Medium | High |
|---|
| High | M | H | Critical |
| Medium | L | M | H |
| Low | L | L | M |
Test depth theo risk
- Critical → full automation + manual exploratory + production monitoring.
- High → automation + manual smoke.
- Medium → automation regression.
- Low → smoke only.
Risk categories common
- Business — feature ảnh hưởng revenue.
- User — UX critical path (login, checkout).
- Technical — third-party integration, scalability.
- Compliance — VN ATTT, GDPR, PCI-DSS, SBV.
- Reputational — PR risk khi bug viral.
VN banking example
- Critical: chuyển khoản, OTP.
- High: balance display, transaction history.
- Medium: profile update.
- Low: avatar upload.
→ 80% test effort dồn vào critical + high.