There are lots of quick attacks you can do on a web page input field. Gojko Adzic has written a useful extension called BugMagnet (Chrome only at the moment) that puts a lot of these quick attacks a right-click away.
I’ve found the BugMagnet tool useful in several ways.
- It saves typing and test data preparation. With a right-click you can enter 64Kb of data, Chinese characters, XSS exploits, different types of email formats, etc. No need for lengthy typing or cutting and pasting from your test data document. Right-click, select, and there it is.
- It reminds me of all the different tests that could be done—overflows, special characters, white space handling, error handling of invalid input, security considerations, etc. I have the Test Heuristics Cheat Sheet handy as a reminder and can now have this as well.
- It can also be useful for demonstrating to someone who may not have much exposure to testing just how much could go wrong with just one simple input field. A few years ago I had a conversation with a manager who was confused as to how hard it could be to test an input form—didn’t you simply enter some values and check that it worked? With this extension, you can explain all the possible inputs that could happen, what could go wrong if the app did not process them properly, and why you needed to test these possibilities.