Good input datasets


(conrad) #1

I had a cheat sheet of these at one point, a sheet of good UTF8 and UTF16 data containing things like “text” strings to try with your app containing the special characters that trip things up, and the usual edge case finder tips. Penetration test is not my goal here.
By trying to think them up based on my context each time it’s more likely one would be testing the cases you care about, but if your time allows, getting more confidence by throwing more at the job could always help. Anyone got some good cheat sheets that involve url escapes, sql injections, regex fails, html escape hacks etc?


(Rosie) #2

The Big List of Naughty Strings always comes to mind - https://github.com/minimaxir/big-list-of-naughty-strings


(Miloš) #3

You can also take a look at Bug Magnet browser extension. It’s pretty handy for manual testing.


(conrad) #4

Thanks guys, the big list of naughty strings was the one I had lost, but I am pretty sure there will be other good sets out there which other people are using for starter data, or for going deeper. Keep sharing.