Saturday, February 4, 2017

Negative testing Checklist | David Tzemach

The Negative testing approach is relevant to many areas of any given software; this list will review the main possible areas that are suitable to this testing approach.

תוצאת תמונה עבור ‪defect free software does not exist‬‏

Input Fields

Every object in a software is designed based on the software preliminary demands that are located in the software requirements specification(SRS) document. Among this different objects, we can find the “Input” fields, in most cases that SRS doc will specify a few mandatory specifications that the field should support, these specific requirements are crucial to the test team to understand how to design both the “Negative” and “Positive” test scenarios.

The field Length

The specification doc will determine the “Minimum “and “Maximum” length of the input field (What is the Min/Mac string that the user can enter), for example, an input field that receives a Minimum string length of 2 chars and Maximum length of 10.  The basic test cases are: 

  • Insert number of chars within the boundary values ‘5’ (Positive scenario).
  • Insert number of chars that is Lower than the MIN value ‘1’ (Negative scenario).
  • Insert number of chars that is Higher than the MAX value ‘11’ (Negative scenario).

Field data type

The specification doc will determine the data types supported by the input field. For example:
  • A field that can receive all types of chars.
  • A field that can receive only numbers.
  • Alphabetic field that should not allow numeric values.

For example, let’s assume that we have a numeric field, the basic test cases are:
  • Use input string that contains numbers (Positive).
  • Use  input string that contains Alphabetic chars (Negative).
  • Use input string that contains special characters (Negative).

Data Field Boundaries

The specification doc will determine the boundary values of each field, for example, an input field that set with Min (2) and Max (5) string length, the basic test cases are:
  • Insert input string that within the boundary values ‘4’ (Positive).
  • Insert input string of the MAX value ‘5’(Negative).
  • Insert input string of the MIN value ‘2’ (Negative).

Date Fields

A date field is used to specify a date value, it is important that we validate the basic rules for such fields, the basic test cases are:
  • Validate that user uses only numbers.
  • Validate that user uses the correct date format.
  • Validate dates with/without leap years.

Web Session 

Almost any web application will use the browser session to track and monitor the user while he using the application (Settings, validations and more). To be able to do so, the user should be logged-in and authenticate against the backend server.  

This authentication process will allow the test team to create test cases that simulate the use of WebPages without first logging in and authenticate (from the application perspective, this case is Unexpected).

During this test cases, we will need to validate how the application can handle such scenarios and to examine how to enforce the authentication process prior to allowing the user to use the service. 


Testing the functional behavior of the application is crucial, but we must also combine it with performance testing that will help us to query about the application limitations in ways it was not intended to be used.

Performance test techniques
  • Stress
  • Failover
  • Load
  • Pike

In stress testing we will test the application with data exceeding the application upper limitations, in that case we will probably cause errors or crushes, this is now the tester time to understand the root cause of the problem and how the application recovers.

For more reading about performance tests and its importance:

Object Upload

Another great example that will demonstrate the importance of negative testing is the “Upload” object that is very common in many applications, using the functionality of this object, the user can upload data set from a specific source (Excel, CSV, DB etc.).

Let’s assume that we have this object, that allow the user to select a CSV file as a source, once uploaded the application will use the data set to create a report, from the negative perspective, we can design an infant range of test cases, Examples:  

  • Upload file without the relevant permissions.
  • Delete the source file after it was uploaded.
  • Upload CSV file with an incorrect format.
  • Upload file that does not exists anymore.
  • File Upload from a remote location.
  • Upload files without extension
  • Upload empty files.
  • Upload CSV file that was created from other file type (Simply manually change any other file type into csv).

Connectivity and Availability

Negative testing are also used to test the application connectivity and availability, using this testing method, we will have the power to make a real difference in the application stability and overall quality.

Let’s assume that you have a small application that has three main components that interacts one with each other:

  • Database
  • User interface
  • Application service

We will use Negative testing to attack the interfaces between these components, let’s review the basic examples:

  • Try to save changes in GUI when the database is down.
  • Try to use the application functionality when the service is down.
  • Shut down the DB connection while saving data.
  • Shut down the application service while it’s online.
  • Simulate End-To-End cases on a low bandwidth environment.
  • Save data to database without the appropriate permissions. 


  1. Listicles are really informative and result oriented. Thanks.

  2. I find it useful and help me to enrich my test cases.
    thank you !


My Presentations