digitalfortress-dev · Nga1102 · Jul 30, 2025 · Jul 30, 2025 · Aug 14, 2025 · Aug 14, 2025
diff --git a/pages/development/testing/api-testing.mdx b/pages/development/testing/api-testing.mdx
@@ -0,0 +1,108 @@
+## 1. What is API Testing?
+
+### Definition:
+API Testing is the process of testing **Application Programming Interfaces (APIs)** directly to ensure that:
+
+- The data exchange between systems is **correct and consistent**.
+- The API functions properly according to **technical specifications**.
+- The responses are accurate in **format, security, and performance**.
+
+💡 *Think of API as a bridge between the frontend and the backend.*  
+It has no graphical interface, so testers use tools like **Postman, Swagger, or Curl** to send requests and check responses.
+
+
+---
+
+## 2. How to Perform API Testing?
+
+### Step 1: Understand the API to Test
+
+Read the API documentation to know:
+
+- **Endpoint, Method**: GET, POST, PUT, DELETE
+- **Input Parameters**: Query, Path, Body, Header
+- **Expected Response**: Status code, JSON/XML format, response body
+- **Authentication Requirements**: Token, API key, OAuth?
+
+---
+
+### Step 2: Use Tools to Send Requests and Get Responses
+
+- Most commonly used tools: **Postman**, **Swagger UI**
+- Useful for sending test requests and analyzing responses
+
+---
+
+### Example: Test `POST /api/login`
+
+| Field   | Value                                |
+|---------|--------------------------------------|
+| URL     | `https://domain.com/api/login`       |
+| Method  | `POST`                                |
+| Headers | `Content-Type: application/json`      |
+| Body    | `{"username":"test01", "password":"abc123"}` |
+
+**Expected Result:**
+
+```json
+{
+  "status": "success",
+  "token": "eyJhbGciOiJIUzI1NiIsInR..."
+}
+```
+
+Status Code: `200 OK`
+
+💡 *Test cases can be written and managed in tools like Excel.*
+
+---
+
+### Step 4: Test Authentication and Authorization
+
+Many APIs require a valid token or key to access resources. You should:
+
+- Test with a **valid token** → Should return data (success)
+- Test with an **expired or invalid token** → Should return 401 Unauthorized
+- Test with **no token** → Should return 401 Unauthorized
+- Test **role-based access** → e.g. only Admins can access `/api/admin`
+
+---
+
+### Step 5: Validate Status Codes and Responses
+
+Check that the API returns correct **HTTP status codes** and the **response structure** is accurate.
+
+| HTTP Code | Meaning                        |
+|-----------|--------------------------------|
+| 200 OK    | Request successful             |
+| 201 Created | New resource created         |
+| 400 Bad Request | Invalid input            |
+| 401 Unauthorized | Missing or invalid auth |
+| 403 Forbidden | No permission              |
+| 404 Not Found | Endpoint does not exist    |
+| 500 Internal Server Error | Server crash   |
+
+
+---
+
+### Step 6: Apply Common Testing Techniques
+
+| Technique           | Description                                                  |
+|---------------------|--------------------------------------------------------------|
+| Positive Testing    | Valid input, expect successful result                        |
+| Negative Testing    | Invalid input, missing field, wrong formats                  |
+| Boundary Testing    | Test value limits (e.g. string length, number ranges)        |
+| Security Testing    | Test unauthorized access, SQL injection, XSS, etc.           |
+| Schema Validation   | Make sure response follows expected JSON/XML schema          |
+| Performance Testing | Check speed & stability under load (using JMeter, K6, etc.)  |
+
+---
+
+### Step 7: Report Bugs Clearly
+
+If the API does not behave as expected, report the issue with all necessary details:
+
+- Title, endpoint, input
+- Expected result vs. actual result
+- Screenshots/logs, severity level
+- Use Redmine or Excel to manage bugs
diff --git a/pages/development/testing/manual-testing.mdx b/pages/development/testing/manual-testing.mdx
@@ -0,0 +1,95 @@
+---
+title: Manual Testing
+description: Foundation - Manual testing for QA
+---
+
+## 1. What is Manual Testing? 
+
+**Manual Testing** it is a form of software testing in which the tester manually performs actions on the software (without using automation tools) to:
+
+- Verify whether the software functions as expected.
+- Check whether the software operates according to the requirement.
+
+---
+
+## Characteristics of Manual Testing:
+
+| Criteria                              | Description                                                          |
+|---------------------------------------|----------------------------------------------------------------------|
+| **No automation tools used**        | Testers perform actions manually without using scripts to run tests    |
+| **User-focused perspective** | Simulates the experience of a real end-user                                   |
+| **Applied to functionality & UI** | Especially effective for UI testing, usability, and exploratory testing      |
+| **Suitable for frequently changing software**     | Updating automated test scripts can be time-consuming |
+
+
+## 2. How to do Manual Testing?
+
+## The basic manual testing process includes:
+
+---
+
+### Step 1: Requirement Analysis
+
+**Objective:** To clearly understand how the application under test works.
+
+- Read documents such as: SRS, PRD, Use Case, User Story, etc.
+- Discuss with the BA or Developer if any requirements are unclear.
+- Identify key features and important functionalities that need to be tested.
+
+---
+
+### Step 2: Write Test Case
+
+**Objective:** Create a clear and comprehensive test plan covering all necessary steps.
+
+📄 **Refer to the test case template:**  
+👉 [Open the Test Case template ](https://docs.google.com/spreadsheets/d/1vRh9sIMJBIWO-IVh2ImgZ0zgEuxDI2wn/edit?usp=sharing&ouid=106078261355383157012&rtpof=true&sd=true)
+
+Writing test cases helps ensure systematic testing and prevents omissions.
+
+
+---
+
+### Step 3: Test Environment Setup
+
+- Has the application been deployed to the test environment?
+- Is a test account required?
+- Does the database contain the necessary test data?
+- Are the test devices and browsers ready?
+
+---
+
+### Step 4: Test Execution
+
+- Execute each step in the test case.
+- Compare the actual result with the expected result.
+- Record the result (Pass/Fail).
+- If an issue is found → proceed to the next step.
+
+---
+
+### Step 5: Bug Reporting
+
+Use tools such as: **Jira**, **Azure DevOps**, **Redmine**...
+
+
+
+---
+
+### Step 6: Retest and Regression Testing
+
+- After the developer fixes a bug → perform retesting to confirm the issue has been resolved.
+- If the fix may impact other parts of the system → perform regression testing.
+
+
+---
+
+### Step 7: Test Report
+
+The report should include:
+- Total number of test cases: how many passed / failed?
+- Total bugs found and how many have been fixed.
+- Any issues encountered during testing and remaining risks.
+
+
+👉 [Open the Test Report template ](https://docs.google.com/spreadsheets/d/1oOegl6yD2VhMq4G_hqxkuY1jx-cpkcYG/edit?usp=sharing&ouid=106078261355383157012&rtpof=true&sd=true)