NEGATIVE TESTING is a software testing type that checks a system for unexpected input data and conditions. Unexpected conditions can be anything from a wrong data type to a strong hacking attack. The purpose of negative testing is to prevent applications from crashing due to negative inputs.
By just doing positive testing we can only make sure our system is working in normal conditions. We have to make sure that our system can handle unexpected conditions to ensure a 100% fault-free system.
In this tutorial, you will learn-
- What is Negative Testing?
- Example of Negative Testing
- Why do Negative Testing?
- How to do Negative Testing
- Advantages of Negative Testing
- Disadvantages of Negative Testing
Consider the case of a lift which is a commonly considered example of negative testing.
We all know the functionality of a lift. These will be considered as the requirements of a lift like pressing the floor number make the lift go to that particular floor.
The door opens automatically once the lift reaches the specified floor and so on.
Now let's consider some negative scenarios for lift. Some of them are,
| || |
| || |
| || |
All these cases will come under negative testing. The importance of this is that we can't make sure that all the above mentioned won't happen, so we need them contained.
Consider the case that the overweight condition is checked and on implementation, the lift performs abnormal when there is an overweight condition. This will make a potential impact on the reliability of the system and can even cause danger to life. This explains what is negative testing and its importance.
The same case is applied in software also. For negative testing, we have deviated from a normal operational procedure. Let's go through some examples.
Consider a registration form for example.
| || |
| || |
| || |
| || |
As we said earlier, we have to make sure in all these negative cases our system will work properly. Consider the case if someone tries to enter a character in the number field and the system can't process the unexpected data since it is expecting a number, and finally, the system crashes. Or what if someone tries to do an SQL injection and erase all our data from the database. We can't bear such potential losses. So negative testing is important.
Since testing is time and cost consuming task, deciding 'what', 'how' and 'how much' to test is really important. We have to choose wisely whether we have to do negative testing in our system or not. So let's have a look at the importance of negative testing.
It is the responsibility of the organization to provide a good quality product to its client. To achieve this, one has to do negative testing.
As a part of confirmation against a failure, an organization has to do negative testing.
Maybe we can't build a 100% error free system, but we have to make sure that we have done everything to prevent a failure, in order to achieve that we should do negative testing.
The impact is one factor which we have to consider. Consider we have done positive testing on an e-commerce site and make sure everything is fine. But what if there is a loophole in our system that someone can do SQL injection and erase all our data. That will be a great security breach. To avoid this type of cases, one has to do negative testing too.
For applications open for public, mainly websites we have to always keep in mind that we don't have much control the using procedure of the application, so we have to do negative testing to make sure that all such cases are covered and contained.
Another thing we need to take care is that there are a lot of black hackers out there who are looking for an opportunity to destroy the system. Hacking is an important case covered in negative testing
Clients always expect zero vulnerability products, in order to ensure that negative testing is a must
If it is a sensitive product like e-commerce, online stock, etc., then security and negative testing is a must.
The only concern to the client regarding negative testing is that the cost. But once the impact is analyzed it is up to the client to decide whether to do or not negative testing.
To do negative testing we have to consider all the possible cases. That is if it is possible we have to consider it in the Test Case no matter whether it is not the right way to use it. For example, if we see an email field think about all possible inputs we can put there other than correct email format. Same way when we see an image upload option, we have to test it with all possible files.
While creating negative test cases we have to prioritize the inputs otherwise, there will be a lot of cases possible. For example, for an image field where only '.png' files are supposed to enter we can have a lot of options to upload like 'jpeg', 'xml', 'xls', etc.. So we need to prioritize the options like XML and SQL can have greater impact than that of jpeg and xls so we should take care of SQL and XML cases first. Like this, we have to prioritize the cases before execution to save time and testing cost.
Pros and cons of negative testing
Like all other testing techniques, there are pros and cons for negative testing mainly based on the 'where', 'when' and 'how' to use. Let's take a look at this.
- As we all know negative testing is very important to ensure the quality of a product. A good quality product is a zero vulnerability product, to ensure that negative testing is very important.
- Doing negative testing makes sure that all possible cases are covered. Intentionally or unintentionally there is a chance of negative test cases to occur. So to make sure all cases are covered we have to do negative testing along with positive testing.
- Negative testing will make more confidence to the client before going live.
- In Software Engineering, Negative testing in some cases becomes a waste of time and energy. In many cases, there is no need for excessive negative testing. For example, if an application is created for single person use, then we don't have to consider the case that 100 user uses the system at a time. So deciding conditions in negative test cases are very important. There will be times where we don't have to do negative testing on a particular system.
- Require skilled and experienced people to create negative test cases.
- To the client, negative testing is another thing that causes unnecessary delay in release and cost adder.
- A chance that a team spends more time and energy on negative testing. There is a chance that testers spend a lot of time and energy in negative testing that results in a lower concentration in positive testing.