When we create a new product, we make sure that all the requirements are met, and the client gets the right product. But is that enough? Of course no and there comes the role of testers.
Testers do testing to show the existence of faults. The real objective of testing is to make sure that the software is defect free. A defect free system is a fault free system.
So we need to make sure that our system is 100% fault free, for that we have to do both positive and negative testing. Positive testing is nothing but testing done using the expected data and parameters.
In this tutorial, you will learn-
By just doing positive testing can only make sure our system is working in normal conditions, which will not assure the system is 100% fault free. We have to make sure that our system can handle unexpected conditions. Testing our system with these unexpected conditions is called Negative Testing.
Unexpected conditions can be anything from a wrong data type to a strong hacking attack. So making sure that the system can handle such situation very well when they actually face them.
Example of negative testing
We can go through some real life and software related examples to get close with negative testing.
Real life example
Consider the case of a lift which is a commonly considered example for negative testing.
We all know the functionality of a lift. These will be considered as the requirements of a lift like pressing the floor number make the lift go to that particular floor.
The door opens automatically once the lift reaches the specified floor and so on.
Now let's consider some negative scenarios for lift. Some of them are,
All these cases will come under negative testing. The importance of this is that we can't make sure that all the above mentioned won't happen, so we need them contained.
Consider the case that the overweight condition is checked and on implementation, the lift performs abnormal when there is an overweight condition. This will make a potential impact on the reliability of the system and can even cause danger to life. This explains what is negative testing and its importance.
The same case is applied in software also. For negative testing, we have deviate from normal operational procedure. Let's go through some examples.
Consider a registration form for example.
As we said earlier, we have to make sure in all these negative cases our system will work properly. Consider the case if someone tries to enter a character in the number field and the system can't process the unexpected data since it is expecting number, and finally, the system crashes. Or what if someone tries to do an SQL injection and erase all our data from the database. We can't bear such potential losses. So negative testing is important.
Since testing is time and cost consuming task, deciding 'what', 'how' and 'how much' to test is really important. We have to choose wisely whether we have to do negative testing in our system or not. So let's have a look on the importance of negative testing.
It is the responsibility of the organization to provide good quality product to its client. To achieve this, one has to do negative testing.
As a part of confirmation against a failure an organization have to do negative testing.
Maybe we can't build a 100% error free system, but we have to make sure that we have done everything to prevent a failure, in order to achieve that we should do negative testing.
The impact is one factor which we have to consider. Consider we have done positive testing on an e-commerce site and make sure everything is fine. But what if there is a loophole in our system that someone can do SQL injection and erase all our data. That will be a great security breach. To avoid this type of cases, one has to do negative testing too.
For applications open for public, mainly websites we have to always keep in mind that we don't have much control the using procedure of the application, so we have to do negative testing to make sure that all such cases are covered and contained.
Another thing we need to take care is that there are lot of black hackers out there who is looking for an opportunity to destroy the system. Hacking is an important case covered in negative testing
Clients always expect zero vulnerability products, in order to ensure that negative testing is a must
If it is a sensitive product like e-commerce, online stock, etc., then security and negative testing is a must.
The only concern to the client regarding negative testing is that the cost. But once the impact is analyzed it is up to the client to decide whether to do or not negative testing.
To do negative testing we have to consider all the possible cases. That is if it is possible we have to consider it in the test case no matter whether it is not the right way to use it. For example, if we see an email field think about all possible inputs we can put there other than correct email format. Same way when we see an image upload option, we have to test it with all possible files.
While creating negative test cases we have to prioritize the inputs otherwise, there will be a lot of cases possible. For example, for an image field where only '.png' files are supposed to enter we can have a lot of options to upload like 'jpeg', 'xml', 'xls', etc.. So we need to prioritize the options like xml and SQL can have greater impact than that of jpeg and xls so we should take care of SQL and XML cases first. Like this, we have to prioritize the cases before execution to save time and testing cost.
Pros and cons of negative testing
Like all other testing techniques, there are pros and cons for negative testing mainly based on the 'where', 'when' and 'how' to use. Let's take a look on this.
- As we all know negative testing is very important to ensure the quality of a product. A good quality product is a zero vulnerability product, to ensure that negative testing is very important.
- Doing negative testing makes sure that all possible cases are covered. Intentionally or unintentionally there is a chance of negative test cases to occur. So to make sure all cases are covered we have to do negative testing along with positive testing.
- Negative testing will make more confidence to the client before going live.
- Negative testing in some cases becomes a waste of time and energy. In many cases, there is no need for excessive negative testing. For example, if an application is created for a single person use, then we don't have to consider the case that 100 user uses the system at a time. So deciding conditions in negative test cases is very important. There will be times where we don't have to do negative testing on a particular system. If we do negative testing on a
- Require skilled and experienced people to create negative test cases.
- To client negative testing is another thing that cause unnecessary delay in release and cost adder.
- Chance that team spends more time and energy on negative testing. There is a chance that testers spend a lot of time and energy in negative testing that results in a lower concentration in positive testing.