Software testing is all about validating whether an application works as expected. You use many different types of testing to get there, such as unit testing, integration testing, functional testing, sanity testing, smoke testing, or regression testing, but all of these fall into one of two categories: positive testing and negative testing.
While most testers understand the need for positive software testing—checking to see whether a given application works as expected—many underrate the importance of negative testing.
Positive testing tests positive scenarios—for example, happy paths with valid data—whereas negative testing, also called failure testing, helps determine the conditions under which an application will fail.
Here's why more testers don't do more negative testing, the value that this testing approach brings, and best practices for using it.
What is negative testing?
With positive testing, you test an application with a valid, expected set of data. Typically you run your tests then validate if the application behaves as expected with that data. You don't expect exceptions when doing positive testing.
Unlike with positive testing, however, in negative testing throwing an error is not considered an unexpected event. Exceptions aren't welcome, but are expected since you are testing your application with invalid data.
Negative testing shows how your application handles invalid data. You test the software by inserting invalid data and compare the expected output against the incorrect input, to ensure that your application won't crash.
Negative testing is not actually "negative"—think of it as real-world testing. When you perform both positive and negative testing, the result is bug-free, better software.
So don't go negative on negative testing. You need to make it an integral part of your testing strategy.
Why testers are reluctant to perform negative testing
Many testers are reluctant to write or engage in negative testing because they feel that it might be a waste of time and energy and that it will delay the software's release.
Some fear it will become a distraction, while others may lack the skills, which include understanding how and where the application has been deployed, knowing the configuration used by the application, and having a good understanding of the data bounds and limits.
Still others worry that they'll get so involved with negative testing that positive testing of the application's basic functionality won't get completed.
And there's some truth to that: If you are writing and executing too many negative tests, the release cycle of the application might be affected, and your releases could get delayed. To perform negative testing, you need testers who are skilled in it.
Negative testing in practice: How is it performed?
Typically, a team of testers has the task of performing negative testing. You need two things to get started: negative test cases and invalid data to test. You write negative test cases that satisfy multiple scenarios, and test those negative scenarios using invalid data.
Here are two common techniques for negative testing:
Boundary value analysis
In this strategy you write the test cases for values outside the boundary limits. For example, if you are testing a text field that accepts characters and that has a limit of 1 to 50 characters, your boundary limits will be 1 and 50.
Equivalence partitioning
Here you group the input values into different partitions and test a few values in each partition. As an example, if the text field accepts data between 1 and 50 characters, the partitions will be 0 to 1, 1 to 50, and 50 to 100.
Equivalence partitioning is a type of black-box testing you can use to test an application's functionality. When performing it, you need fewer test cases while not compromising on the functionality of the application.
Negative testing in practice: A real-world example
Assume you have a login screen in an application with two text boxes—one for the username and the other for the password—with the following requirements:
- Username cannot be blank and will be characters only.
- Username can be a maximum of 10 characters.
- The password cannot be blank and can include any combination of the letters a-z and A-Z and the numbers 0-9. No other characters are allowed.
- The password can be a maximum of 10 characters.
Positive test scenarios include these:
- Username: ABCEDFGHIJKL (more than 10 characters)
- Password: abcdefgh100 (more than 10 characters)
- Username: joydip (validate username with valid data)
- Password: abcde123 (validate password with valid input data)
- Verifying if the user can login using valid credentials
On the other hand, negative test scenarios include these:
- Username: 123*_ (special characters and numbers in username)
- Password: \{ ^* & (special characters and blank spaces in password)
- Pressing the back button on your web browser
- Validating username and password against SQL injection attack
The intent of entering such characters is to check whether the application can handle unexpected behavior or invalid input—in other words, negative testing—which in turn helps with quality assurance.
Best practices
An application's ability to withstand well-written negative tests goes a long way toward ensuring that you're building stable, reliable applications.
When writing negative tests, consider the boundaries. You should have the use cases with you, and a good understanding of the functional requirements of the application before you write negative tests.
Write positive tests when you are building the application. Write negative tests to improve your code coverage.
Increase your negative testing expertise
Negative testing, while important, is often neglected because teams lack the necessary skills to do it. Don't let that hold you back. Negative and positive testing are equally important, so take advantage of both to ensure that your applications are reliable and stable.
While there are no testing tools available specifically for negative testing, you can use general testing tools such as Selenium or Cucumber to write automation scripts. The important thing is just to get started—and soon.
Keep learning
Take a deep dive into the state of quality with TechBeacon's Guide. Plus: Download the free World Quality Report 2022-23.
Put performance engineering into practice with these top 10 performance engineering techniques that work.
Find to tools you need with TechBeacon's Buyer's Guide for Selecting Software Test Automation Tools.
Discover best practices for reducing software defects with TechBeacon's Guide.
- Take your testing career to the next level. TechBeacon's Careers Topic Center provides expert advice to prepare you for your next move.