Some testers separate their test cases into distinct groups: positive test cases (tests of the functionality as specified by requirements), negative test cases (deliberately entering bad data or using other techniques to try to break the functionality), security test cases, etc. In general, I’ve usually found it more useful to create test cases based on requirements that include both positive and negative tests, as well as security or other tests as appropriate. But what works best really depends on your project and your style.
Last month, Steve Miller published a good, concise list of the top 10 negative test cases in his monthly newsletter. It’s a nice reminder of things to look for when creating test cases or even doing exploratory testing and coming up with exploratory test charters. For instance, I always remember to touch on number 2, required data entry, but I usually forget number 1, embedded single quotes. I need to post this list in my cube, I guess. 😉