In software testing, negative testing refers to the practice of feeding a system with unexpected or invalid inputs. Given an input field that accepts numeric values from 0-100, positive tests would assess if the application does what it's supposed to do, given input values such as "1", "2" or "99".
During negative testing, you would feed the application with inputs such as "9999", "-1" and "%ak/?ä!#?". The goal of a negative test is the same as in a positive test: to asses if an application behaves as it is supposed to, given a specific input. In most cases, you would expect it to return some form of error message. If the application handles any of the inputs in a suspicious way, it might be indicative of a bug or vulnerability. This blog post will take a closer look at why negative testing for software testing is so important. It will also give you an overview of a few tools used for negative testing.
What to Expect
- What Is Negative Testing in Software Testing?
- What Is Boundary Value Analysis?
- Why Is Negative Testing So Important?
- What Are Common Tools for Negative Testing?
- What Is System Integration Testing (SIT)?
- How System Integration Testing Benefits from Negative Testing
- Fuzzing: Best Practice for Negative Testing During System Integration
What Is Negative Testing in Software Testing?
Negative testing in software testing, also known as fault injection, is a technique used to introduce errors or faults into a system to test how it responds. Negative testing aims to find bugs or weaknesses in the system so that they can be fixed before it goes live.
While it may seem counterintuitive to purposely introduce errors into a system, negative testing is actually essential for uncovering potential vulnerabilities and bugs. By finding and fixing errors before the system goes live, you can avoid costly late-stage fixes and potential customer dissatisfaction.
There are two types of negative testing in software testing: error handling tests and stress tests. Error handling tests are used to determine if the system can gracefully handle unexpected input or unexpected situations. Stress tests are used to determine if the system can handle peak loads without crashing or experiencing unacceptable performance degradation.
What Is Boundary Value Analysis?
A related approach to stress testing is boundary value analysis, where boundary conditions are defined and set as inputs. For example, if a library requires a string value as input, test cases for an empty string or null string value are boundary values that should be considered.
Boundary value testing is helpful because it provides a clear way to test potentially problematic inputs or conditions for an application. Such cases can be tested using automated tools that can identify likely boundary conditions automatically.
Why Is Negative Testing So Important?
Negative testing is a critical part of any software development process. It is essential for finding errors and ensuring that software functions as intended. Without negative testing, it would be difficult to know if a system behaves correctly when presented with invalid or unexpected input.
What Are Common Tools for Negative Testing?
There are many different tools that can be used for negative software testing. Some of the most common tools include unit testing, fuzz testing, and security testing.
- Unit Testing: Unit testing is a type of software testing where individual units or components of code are tested to verify that they function as expected. Typically, unit tests are written by developers as part of the development process. Unit tests can be used for both positive and negative testing.
- End-to-end testing: End-to-end testing is an approach where an entire system is tested as it would be used in production. This may include starting up the system under test, performing some common use cases and shutting down the system if required. Negative testing can be done using E2E tests to find invalid or incorrect inputs that may lead to serious bugs or security flaws.
- Security Testing: Security testing is a type of software testing that is designed to assess the security of a computer system or application. Security tests can be used to find vulnerabilities that attackers could exploit. Security tests can be either positive or negative.
What Is System Integration Testing (SIT)?
System integration testing is a type of software testing used to verify a system's behavior when all its components are integrated to ensure that all system components work together as intended. System integration testing is typically done after unit- and component-level testing has been completed. These tests can help find errors that only come up when different system components interact with each other.
How System Integration Testing Benefits from Negative Testing
One of the benefits of negative testing is that it can help uncover issues that might not be easily detected through traditional positive testing methods. For example, if you're performing SIT on an e-commerce website, negative testing can help you find issues related to incorrect pricing, invalid shopping cart states and broken account information. Uncovering these issues early on can avoid potential customer frustration and save time and money in the long run.
Fuzzing: Best Practice for Negative Testing During System Integration
As we've mentioned earlier, negative testing is a critical part of any software testing process. One of the most effective methods for negative testing is feedback-based fuzzing. Feedback-based fuzzing is a technique that uses feedback from previous tests to generate new test cases. This helps to ensure that potential errors are found and fixed. Particularly in instances where dependencies have to be simulated, such as in embedded software testing, it makes a lot of sense to include modern fuzz testing into system integration testing.
Feedback-based fuzzing is especially useful for system integration testing, where interactions between different system components need to be verified. By using feedback from previous tests, feedback-based fuzzing can quickly generate new test cases that can help find unexpected errors. Overall, feedback-based fuzzing is an effective way to perform negative testing in software testing.
If you're looking to improve the security and quality of your software, consider using negative testing methods in conjunction with conventional positive testing methods. Doing so will help you find more potential errors and security vulnerabilities so that you can fix them before they cause any serious problems down the road. The easiest way to get started with fuzz testing is with our open-source fuzzer CI Fuzz. Try it out and have your first fuzz test running within minutes!