Validation
// Definition
Checking that input or output conforms to expected rules — format, range, type, length, and business constraints. Client-side validation improves UX but must never be the only defence; server-side validation is the authority. Testing validation coverage includes: boundary values, type coercion, empty and null inputs, maximum lengths, and injection-dangerous characters. Distinct from verification (did we build it correctly?), though the two terms are frequently conflated.
// Related terms
Boundary Value Analysis
Testing values immediately at and around boundaries (e.g., min, max, just-below, just-above). Bugs cluster at edges — this technique catches off-by-one errors that equivalence partitioning alone misses.
Equivalence Partitioning
Dividing the input space into groups where the system should behave identically, then testing one representative value per group. Reduces redundant test cases dramatically without losing coverage.
Negative Testing
Testing what a system does with invalid, unexpected, or out-of-bounds input — verifying it fails gracefully rather than behaving incorrectly. Complements positive (happy-path) testing. Examples: submitting a form with an empty required field, sending a string where an integer is expected, exceeding maximum field length, passing an expired token. A system passes negative testing when it returns a clear, appropriate error and does not crash, corrupt data, or leak internal state.
Schema Validation
Asserting that an API request or response matches a defined schema (JSON Schema, OpenAPI, Protobuf). Catches contract drift the moment it appears, without writing field-by-field assertions in every test.