Negative Testing: Complete Tutorial

When we create a new product, we make sure that all the requirements are met, and the client gets the right product. But is that enough? Of course no and there comes the role of testers.

Testers do testing to show the existence of faults. The real objective of testing is to make sure that the software is defect free. A defect free system is a fault free system.

So we need to make sure that our system is 100% fault free, for that we have to do both positive and negative testing. Positive testing is nothing but testing done using the expected data and parameters.

In this tutorial, you will learn-

What is Negative testing

By just doing positive testing can only make sure our system is working in normal conditions, which will not assure the system is 100% fault free. We have to make sure that our system can handle unexpected conditions. Testing our system with these unexpected conditions is called Negative Testing.

Unexpected conditions can be anything from a wrong data type to a strong hacking attack. So making sure that the system can handle such situation very well when they actually face them.

Example of negative testing

We can go through some real life and software related examples to get close with negative testing.

Real life example

Consider the case of a lift which is a commonly considered example for negative testing.

We all know the functionality of a lift. These will be considered as the requirements of a lift like pressing the floor number make the lift go to that particular floor.

The door opens automatically once the lift reaches the specified floor and so on.

Now let's consider some negative scenarios for lift. Some of them are,

Negative Testing

Positive Testing
  • What happens if the number of persons (weight) exceeds the specified limit?
  • Assumes only specified number of persons will enter the lift
  • What happen if someone smoke or cause a fire inside the lift?
  • There won't be smoke or fire inside the lift
  • What happens if there is a power failure during operation?
  • There won't be a power failure during the working of the lift

All these cases will come under negative testing. The importance of this is that we can't make sure that all the above mentioned won't happen, so we need them contained.

Consider the case that the overweight condition is checked and on implementation, the lift performs abnormal when there is an overweight condition. This will make a potential impact on the reliability of the system and can even cause danger to life. This explains what is negative testing and its importance.

In software,

The same case is applied in software also. For negative testing, we have deviate from normal operational procedure. Let's go through some examples.

Consider a registration form for example.

Negative Testing

Positive Testing
  • Try to enter an invalid email id in the email field
  • Only valid email ids will be entered in email field
  • Try to enter an invalid phone number in phone number field (characters)
  • The only number will be entered in the number field
  • Upload image with a size out of specified boundary
  • Only images with size under specified boundary will be uploaded
  • Upload invalid files like XML, SQL, etc. files in image upload field
  • Upload only valid image formats like jpg.png, etc.

As we said earlier, we have to make sure in all these negative cases our system will work properly. Consider the case if someone tries to enter a character in the number field and the system can't process the unexpected data since it is expecting number, and finally, the system crashes. Or what if someone tries to do an SQL injection and erase all our data from the database. We can't bear such potential losses. So negative testing is important.

Is negative testing important?

Since testing is time and cost consuming task, deciding 'what', 'how' and 'how much' to test is really important. We have to choose wisely whether we have to do negative testing in our system or not. So let's have a look on the importance of negative testing.

Organization perspective

It is the responsibility of the organization to provide good quality product to its client. To achieve this, one has to do negative testing.

As a part of confirmation against a failure an organization have to do negative testing.

Maybe we can't build a 100% error free system, but we have to make sure that we have done everything to prevent a failure, in order to achieve that we should do negative testing.

The impact is one factor which we have to consider. Consider we have done positive testing on an e-commerce site and make sure everything is fine. But what if there is a loophole in our system that someone can do SQL injection and erase all our data. That will be a great security breach. To avoid this type of cases, one has to do negative testing too.

For applications open for public, mainly websites we have to always keep in mind that we don't have much control the using procedure of the application, so we have to do negative testing to make sure that all such cases are covered and contained.

Another thing we need to take care is that there are lot of black hackers out there who is looking for an opportunity to destroy the system. Hacking is an important case covered in negative testing

Client perspective

Clients always expect zero vulnerability products, in order to ensure that negative testing is a must

If it is a sensitive product like e-commerce, online stock, etc., then security and negative testing is a must.

The only concern to the client regarding negative testing is that the cost. But once the impact is analyzed it is up to the client to decide whether to do or not negative testing.

How to do negative testing

To do negative testing we have to consider all the possible cases. That is if it is possible we have to consider it in the test case no matter whether it is not the right way to use it. For example, if we see an email field think about all possible inputs we can put there other than correct email format. Same way when we see an image upload option, we have to test it with all possible files.

While creating negative test cases we have to prioritize the inputs otherwise, there will be a lot of cases possible. For example, for an image field where only '.png' files are supposed to enter we can have a lot of options to upload like 'jpeg', 'xml', 'xls', etc.. So we need to prioritize the options like xml and SQL can have greater impact than that of jpeg and xls so we should take care of SQL and XML cases first. Like this, we have to prioritize the cases before execution to save time and testing cost.

Pros and cons of negative testing

Like all other testing techniques, there are pros and cons for negative testing mainly based on the 'where', 'when' and 'how' to use. Let's take a look on this.

Pros and Cons of negative testing


  • As we all know negative testing is very important to ensure the quality of a product. A good quality product is a zero vulnerability product, to ensure that negative testing is very important.
  • Doing negative testing makes sure that all possible cases are covered. Intentionally or unintentionally there is a chance of negative test cases to occur. So to make sure all cases are covered we have to do negative testing along with positive testing.
  • Negative testing will make more confidence to the client before going live.


  • Negative testing in some cases becomes a waste of time and energy. In many cases, there is no need for excessive negative testing. For example, if an application is created for a single person use, then we don't have to consider the case that 100 user uses the system at a time. So deciding conditions in negative test cases is very important. There will be times where we don't have to do negative testing on a particular system. If we do negative testing on a
  • Require skilled and experienced people to create negative test cases.
  • To client negative testing is another thing that cause unnecessary delay in release and cost adder.
  • Chance that team spends more time and energy on negative testing. There is a chance that testers spend a lot of time and energy in negative testing that results in a lower concentration in positive testing.


Tutorial Index