CISSP · Question #1015
An application developer receives a report back from the security team showing their automated tools were able to successfully enter unexpected data into the organization's customer service portal, ca
The correct answer is D. Negative. Negative testing involves deliberately inputting invalid, unexpected, or malformed data to verify that an application handles errors gracefully and does not crash or behave insecurely.
Question
Options
- ANon-functional
- BPositive
- CPerformance
- DNegative
How the community answered
(57 responses)- A2% (1)
- B12% (7)
- C5% (3)
- D81% (46)
Why each option
Negative testing involves deliberately inputting invalid, unexpected, or malformed data to verify that an application handles errors gracefully and does not crash or behave insecurely.
Non-functional testing evaluates aspects like usability, reliability, and scalability rather than focusing on how the system handles invalid or unexpected input data.
Positive testing verifies that the application behaves correctly when given valid, expected inputs - the opposite of what occurred here, where unexpected data was used to cause a crash.
Performance testing measures how a system behaves under load, stress, or specific workloads, not how it handles invalid or unexpected input data.
Negative testing is specifically designed to input data outside the expected parameters - such as unexpected or malicious inputs - to identify how an application responds to invalid conditions. The security team's automated tools sending unexpected data that caused the portal to crash is a classic example of negative testing, often associated with fuzzing or boundary/edge-case testing. This type of testing reveals vulnerabilities in input validation and error handling.
Concept tested: Negative testing with unexpected input validation
Source: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/README
Topics
Community Discussion
No community discussion yet for this question.