Data types and web specific test cheat sheet

November 23, 2015

Data types

Paths/files
■ Long name(>255 chars) ■ Special characters in name(space * ? / \ | < > , . ( ) [ ] { } ; : ‘ “ ! @ # $ % ^ & \n \t \r) ■ Non-existent ■ Already exists ■ No space ■ Minimal space ■ Huge file ■ Write-protected ■ Unavailable ■ Locked ■ On remote machine ■ In network ■ File URL ■ Corrupted ■ File without extension ■ Unsupported format

Time and date
■ Timeouts ■ Time difference between machines ■ Crossing time zones ■ Leap days ■ Always invalid days(Feb 30, Sept 31) ■ Feb 29 in non-leap years ■ Different formats(June 5, 2001; 06/05/2001; 06/05/01; 06-05-01; 6/5/2001 12:34) ■ Daylight savings changeover ■ Reset clock backward or forward

Numbers
■ 0 ■ 32768(2¹⁵) ■ 32769(2¹⁵) + 1 ■ 65536(2¹⁶) ■ 65537(2¹⁶) + 1 ■ 2147483648(2³¹) ■ 2147483649(2³¹) + 1 ■ 4294967296(2³²) ■ 4294967297(2³²) + 1 ■ Scientific notation(1E-16) ■ Negative ■ Floating point/decimal(0.0001) ■ With commas(1,234,567) ■ European style(1.234.567,89) ■ All the above in calculations ■ Fractions(1/3)
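
Why these particular values are on the Numbers list, as an added example (not part of the original post): it shows what each boundary value turns into after an unchecked store into a 16- or 32-bit field, next to a strict parser that rejects the value instead of wrapping it. The field widths and the names `wrap`, `corrupted_in` and `parse_bounded` are assumptions made for illustration.

```python
import re

# Field widths an application or database column might use (assumed for this example).
WIDTHS = {"int16": (16, True), "uint16": (16, False),
          "int32": (32, True), "uint32": (32, False)}

# Boundary values taken from the Numbers list above.
BOUNDARIES = [0, 32768, 32769, 65536, 65537,
              2147483648, 2147483649, 4294967296, 4294967297]


def wrap(value, width):
    """Value that results from an unchecked store into a fixed-width field."""
    bits, signed = WIDTHS[width]
    value &= (1 << bits) - 1                  # keep only the low `bits` bits
    if signed and value >= 1 << (bits - 1):   # high bit set: reads back negative
        value -= 1 << bits
    return value


def corrupted_in(value):
    """Map each width that cannot hold `value` to what it would store instead."""
    return {w: wrap(value, w) for w in WIDTHS if wrap(value, w) != value}


def parse_bounded(text, width):
    """Strict parse: plain ASCII digits only, rejected if outside the field's range."""
    if not re.fullmatch(r"[+-]?[0-9]+", text):
        raise ValueError(f"not a plain integer: {text!r}")
    value = int(text)
    bits, signed = WIDTHS[width]
    low = -(1 << (bits - 1)) if signed else 0
    high = (1 << (bits - 1)) - 1 if signed else (1 << bits) - 1
    if not low <= value <= high:
        raise ValueError(f"{value} out of range for {width} [{low}, {high}]")
    return value


if __name__ == "__main__":
    for n in BOUNDARIES:
        print(f"{n:>11}  {corrupted_in(n) or 'fits every width'}")
```

The strict parser also rejects the list's other number formats (commas, European style, scientific notation), so those inputs fail loudly rather than being half-parsed.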

Strings
■ Long(255, 256, 257, 1000, 1024, 2000, 2048 or more characters) ■ Accented chars (àáâãäåçèéêëìíîðñòôõöö, etc.) ■ Asian and other language chars ■ Common delimiters and special characters( “ ‘ ` | / \ , ; : & < > ^ * ? Tab ) ■ Leave blank ■ Single space ■ Multiple spaces ■ Leading spaces ■ End-of-line characters (^M) ■ SQL injection( ‘select * from customer ) ■ JavaScript injections ■ With all actions (entering, searching, updating, etc.)

General
■ Violates domain-specific rules (an IP address of 999.999.999.999, an email address with no “@”, an age of -1) ■ Violates uniqueness constraint

 

Web specific tests

Navigation
■ Back (watch for ‘Expired’ messages and double-posted transactions) ■ Refresh ■ Bookmark the URL ■ Select bookmark when logged out ■ Hack the URL (change/remove parameters; see also Data Type Attacks) ■ Hack HTTP requests ■ Multiple browser instances open ■ Try to use cookies from another browser session ■ URL length

Input
■ See also Data Type Attacks ■ HTML/JavaScript Injection/XSS (allowing the user to enter arbitrary HTML tags and JavaScript commands can lead to security vulnerabilities) ■ Check max length defined on text inputs ■ > 5000 chars in TextAreas

Syntax
■ HTML Syntax Checker (http://validator.w3.org/) ■ CSS Syntax Checker (http://jigsaw.w3.org/css-validator/) ■ JavaScript errors (see the developer tools for each browser, e.g. Firebug for Firefox)

Preferences
■ JavaScript Off ■ Cookies Off ■ Security High ■ Resize Browser Window ■ Change Font Size ■ Try another browser

There are also some useful links I mentioned earlier for an XSS cheat sheet and a MySQL injection cheat sheet. For generating specific text, a Lorem Ipsum generator is handy.

2 Comments
  1. Great work, thanks for sharing!

    Just one question/remark: For the number checks you're saying “32769(2¹⁵ + 1)”, shouldn't it be “32769(2¹⁵) + 1” instead?

    Cheers,
    Christian

    • You’re absolutely right!
      P.S.: Fixed as this mistake was in all “numbers”
