User talk:Narayan Koirala

From OWASP

Welcome to OWASP! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! KateHartmann 19:12, 14 August 2012 (UTC)

Understanding False Positive and False Negative

False positive and false negative are two terms that every tester should know and watch for at all times during software testing. Both are harmful, but a false negative is the more dangerous of the two. Either can occur in manual testing or in automated testing. In brief:

False positive:- A test is marked as failed (a bug or vulnerability is reported) when in reality it passed: the functionality works correctly and no such bug exists.

How it can occur:- In manual testing, a test engineer reports a bug against a correctly working function through mistake or negligence. In automated testing, a scanner may report an "SQL injection vulnerability" on a parameter where SQL injection is not possible at all, or a load testing tool may report that the site fails under a load of just 50 virtual users when the same site in fact serves 50 real users without any problem.

Problems due to false positives:- The senior test engineer responsible for verification is left confused, or has to spend extra effort re-checking the finding at several levels. If the bug is submitted to a developer for a fix, he or she may be irritated at being asked to fix a function that has no problem and works correctly. This leads to conflict and can become a barrier to a healthy working relationship between test engineers, or between test engineers and developers, which is never good for an organization.

How to handle false positives:-
    In manual testing: verify the reported behaviour on the test system before submitting the bug report, and have the report reviewed or verified by a senior test engineer.
    In automated testing: review the tool's report properly rather than forwarding it as-is, and manually check each bug the tool reports to confirm it is real before filing it.


False negative:- A test is marked as passed when in reality it failed: there is a problem in the functionality, or a bug, that the test did not report.

How it can occur:- In manual testing, the function containing the bug may be missed for various reasons, or the function may have worked correctly in the first iteration and have been broken later by other fixes (a regression that was not retested). In automated testing, the tool may never reach the path that exercises the vulnerable functionality, so a vulnerable system is marked as passed, or it may reach the path but fail to detect the vulnerability with the checks it runs (for example, an error-based SQL injection check finds nothing when the application hides database error messages behind a generic error page).

Problems due to false negatives:- False negatives are more dangerous than false positives because the undetected defect ships. After the software is released it can cause severe problems, and in the case of web applications the site may be hacked or user data compromised, with nobody aware that the weakness was ever there.


How to handle false negatives:-
    In manual testing: ensure a better test environment, a test plan, and test cases that actually cover the functionality under test; add a verification step by a senior test engineer so that hidden bugs may still be found.
    In automated testing: do not trust any tool blindly; understand that there are techniques to reduce false negatives, such as server-side sensors that instrument the application and report how injected input is actually processed (the "AcuSensor technology used by Acunetix" is one example of this approach).
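As an added worked example (it is not part of this page and is not any real scanner's or Acunetix's code), the following Python script builds two constructed, hypothetical lookup endpoints over an in-memory SQLite database: `safe_lookup`, which is not injectable but whose own validation message happens to contain the words "syntax error", and `vulnerable_lookup`, which is injectable but hides database errors behind a generic message. A naive error-based check of the kind a cheap scanner might run reports the safe endpoint (a false positive) and misses the vulnerable one (a false negative); the boolean-based confirmation step that a tester would perform by hand before filing the bug gets both verdicts right. The table, the handler names and the error-signature list are assumptions made for the illustration.

```python
import sqlite3

# Constructed in-memory database standing in for the application's backend.
# Added illustration: not code from the page, from Acunetix, or from any real scanner.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
DB.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])


def vulnerable_lookup(user_id: str) -> str:
    """Hypothetical endpoint: builds the query by string concatenation (injectable),
    but swallows database errors behind a generic message, so error-based
    detection sees nothing."""
    try:
        row = DB.execute(f"SELECT name FROM users WHERE id = {user_id}").fetchone()
    except sqlite3.Error:
        return "Something went wrong."
    return f"User: {row[0]}" if row else "No such user."


def safe_lookup(user_id: str) -> str:
    """Hypothetical endpoint: validates input and binds the parameter (not injectable).
    Its own validation message happens to contain the words 'syntax error'."""
    if not user_id.isdigit():
        return "Syntax error in request: id must be numeric."
    row = DB.execute("SELECT name FROM users WHERE id = ?", (int(user_id),)).fetchone()
    return f"User: {row[0]}" if row else "No such user."


# Error strings a simplistic scanner might grep for (illustrative list, not a real tool's signatures).
ERROR_SIGNATURES = ("syntax error", "sqlite3.", "unclosed quotation mark", "mysql_fetch")


def naive_error_based_check(handler) -> bool:
    """Cheap scanner heuristic: send a lone quote and report SQL injection if the
    response looks like a database error. On these handlers it yields a false
    positive for safe_lookup (validation text matches a signature) and a false
    negative for vulnerable_lookup (the real error is hidden)."""
    response = handler("'").lower()
    return any(sig in response for sig in ERROR_SIGNATURES)


def confirm_boolean_sqli(handler, known_id: str = "1") -> bool:
    """Manual-style confirmation: a boolean-based differential test. A tautology
    (AND 1=1) must leave the page identical to the baseline while a contradiction
    (AND 1=2) must change it. A handler that treats the input as data fails this
    test, which is what weeds out the false positive."""
    baseline = handler(known_id)
    true_case = handler(f"{known_id} AND 1=1")
    false_case = handler(f"{known_id} AND 1=2")
    return true_case == baseline and false_case != baseline


def triage(handler) -> dict:
    """Run the naive tool check and the confirmation step; both verdicts are returned
    so the tester can see which tool findings survive confirmation."""
    return {
        "tool_reported": naive_error_based_check(handler),
        "confirmed": confirm_boolean_sqli(handler),
    }


if __name__ == "__main__":
    for name, handler in (("safe_lookup", safe_lookup), ("vulnerable_lookup", vulnerable_lookup)):
        print(name, triage(handler))
```

Running the script prints one verdict dictionary per handler: the naive check is wrong about both endpoints, while the confirmation step flags only the injectable one. This is the "check each bug reported by the tool manually" step from the list above expressed as code, and it also shows why an error-based check alone leaves false negatives when the application hides its error messages.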


Lastly, do not rely on manual testing alone or on automated testing alone. Use both, one after the other, so that you can be reasonably confident that the false positives have been weeded out of your results and that as few false negatives as possible remain in the system.

"Happy Testing !!!"