Welcome, my children. My name is Rana Dey, and I’d like to talk to you about Raina Dey Scenarios (see what I did to my name by adding an ‘i’? A pun on “Rainy Day Scenarios”). This is a new column, a column to teach you how to think. A column to teach you how to see. We want you to grab an app and shake it and find where it is most vulnerable! It is just an app; it has no feelings, and your job is to break it if possible by negative testing.

So, let’s begin with a favorite app from interview questions: the ATM. Keep in mind, we are only going to focus on negative testing. Positive testing is easy – make a flowchart map of the functions, and run through all of the paths, using happy values and all input methods, while ensuring that entered values are used, and cached values are not used. But that stuff, as I said, is too easy to discuss here. And let’s not get to performance testing yet either, or dealing with power fluctuations. Let’s just move onwards to the functional uh-oh’s, or the oopsies if you prefer.

1. Login.

a. Bad stripe / wrong side of card
b. Expired card
c. Wrong password without too many attempts
d. Wrong password with too many attempts
e. Account not found

2. Withdrawal

a. Exceeds session limit
b. Exceeds daily limit
c. Exceeds money in account
d. Exceeds money in account when including relevant out-of-network bank fee
e. Cannot withdraw $0
f. Not a multiple of denomination amount
g. ATM is out of cash (should display at start of session, and Withdrawal should be disabled during session)
h. ATM has less cash than withdrawal is for

3. Deposit

a. Nothing inserted
b. Paper inserted into rollers is too long
c. Drawer blocked (cannot close) / rollers unable to consume detected item
d. Cannot identify value of cash/check inserted
e. Suggested value (keyed in) for unidentified-value item is nonsensical
f. OCR-ed value on check is out-of-range of acceptable values (too high, 0, negative)

4. Account transfer (must try for each account type)

a. Try to transfer an amount that exceeds the source account
b. Try to transfer an amount that exceeds the source checking account once the foreign ATM fee is included with the amount
c. Try to access “account transfer” when the card only references an account with one account type
d. Try to transfer $0.00
e. Try to transfer a valid value that exceeds the maximum doable by the ATM

5. End of session

a. Card not removed (for systems that begin with a swallow instead of a swipe)

6. Situations that must be tested on multiple screens

a. ATM shutting down to be serviced
b. Connection lost
c. Cannot print but otherwise usable (should display at start of session)
d. No response from user after waiting period (may be multiple options – some prompt user to see if they’re still there, others log user out; include user failing to remove withdrawn money)
e. No money in account for non-withdrawal action that assesses a bank fee

Can you think of anything else? Please write in comments below this blog post and help this list become more complete if you can find anything I may have missed.