What

"Testing aimed at showing software does not work." [Beizer]
BS 7925-1.British Computer Society Specialist Interest Group in Software Testing (BCS SIGIST)

The definition shown in my opinion is too vague. Each test in negative testing needs two elements:-

   1)to show that the software will fail
   2)the failure is handled in a specified manner.

Negative testing may also be referred to as "dirty testing".

In terms of the V-model, negative testing runs the whole length. This is because it can be conducted during component testing through to integration testing of whole systems.

In terms of other design techniques, negative testing can be seen in black box testing where there code is unavailable to the tester. White box testing with access to the code is available.

Why?
It may seem bizarre, but negative testing is actually a very positive activity! No matter how well a software system is designed, coded or built there will always be a time when a user tries to do something he should not.

An example is an input field on a form. The data entered will be an amount of money to set a price field on a database. The database field accepts only numerics. Obviously the form field would need to be restricted to accept numeric characters only. If the user enters 2.37 and commits the transaction, the price will be set toŁ2.37. However what if he enters "two pounds and thirty seven pence"?

Imagine that the user has entered "two pounds and thirty seven pence", if the form does not validate the data entered, once it is commited the system will try and enter alpha characters into a numeric only field on the database, this could cause the system to stall.

To prevent this occuring we would:-

   1) show that trying to submit the form will indeed fail if alpha characters are entered.
   2) the user receives a suitable message to the effect that the field has to be completed with numerics, i.e.

Once this has been demonstrated, we can be sure that the risk of a failure due to non-numeric characters being entered into the price field has been mitigated.

The only problem with negative testing is the feelings it plays on and generates. Resistance can be felt against or resources not allocated for instance. Various are given:- "The customer will never do that", "it is seen negative and bad mouthing the product". In my experience negative testing is the first thing to be cut if time or money resources are tight. This is a shame as many serious problems can be uncovered, only by treating the software in a way that we should not.

Who?
Anyone from developers running component testing through to implementors on site can conduct negative testing. Of course they will run tests appropriate to the level of which they are interacting with the software.

Where?
Anywhere from the developing organisations site, through to customer site when doing user acceptance testing.

When?
Again very wide scope. This can be as soon as the code has been written for an individual component through to the final acceptance phase.

How?
Test selecting techniques available to the negative tester include boundary value analysis and equivalence partition testing at the black box level.

Static and dynamic analysis are can be used at the component level.

Requirements are required to show how exceptions are to be handled in general and in specific circumstances.