What is negative testing?

Negative testing verifies the system handles invalid input, forbidden actions, and error conditions correctly - wrong passwords, expired tokens, over-limit uploads, malformed payloads. The expected outcome is a safe failure: clear message, no data corruption, no security bypass. It contrasts with positive testing, which confirms happy-path behavior works. Negative cases often surface security and validation gaps that happy-path suites miss. Automate common negative API and form cases where rules are stable; explore edge combinations manually when logic is new. Too few negative tests lead to brittle production behavior under bad input. Balance effort toward high-risk boundaries: auth, payments, permissions, and data deletion.