Many IT shops focus on the lowest possible granularity, which tests I call "validation" or "verification." The tests are focused primarily on just the functionality requested, and rarely consider negative (failure) test cases.
While organizations think they're helping themselves by keeping testing costs low, they are actually hurting themselves. Those negative test cases that aren't discovered during the product development phase will typically surface during support, dragging resources off the next project back onto the original project.
Test case granularity is definitely a function of the application, the project criticality, and the schedule. You may work on projects where only the most basic negative cases are required. You may also have projects where deep negative testing is required -- for instance, a simple content-only website versus a medical device or piece of medical record software. When in doubt, revert to the customer, provide them with concrete examples of the test granularity you're thinking of working to, and help them find the right level of granularity.
Dig Deeper on Topics Archive
Related Q&A from John Overbaugh
Learn strategies for best security test strategies for SaaS cloud. Continue Reading
Security and security tools have become more necessary to the application lifecycle, according to recent research. In this response, expert John ... Continue Reading
Expert John Overbaugh defines security as confidentiality, integrity and availability of information across systems and applications. Read this ... Continue Reading