Negative testing

There has been a lot of fuzz about the OpenSSL ’Heartbleed’ bug, as you might have noticed, if not check this out http://heartbleed.com/.

I came across this comic on xkcd.com the other day:

http://xkcd.com/1354/

It serves as an excellent reminder on why tests must include lots of negative tests. Making illogical requests like the one presented in the comic will make most people ask: ”Why did you do it?” and any tester would immediately answer ”Because I can!”

It is not uncommon that we have discussions over defects that according to some are scenarios that can/will not happen, and according to others (often testers) will happen because there is nothing that prevents the users or interfacing systems from making the action. None the less the negative scenarios often expose far more (and with higher severity) defects compared to the positive test scenarios…

There is lots of nice information on negative testing in this paper: http://www.workroom-productions.com/papers/PVoNT_paper.pdf

Happy negative testing!

/Nicolai