You may have fun building fuzzers. You just feed all kinds of varied, random data to your app. If you only expect numbers, try and see how your app behaves if you feed it large or negative numbers, strings in certain charsets.

You'd be surprised to see the amount of apps that accept a single non-breaking space (alt + 0160) as a username.

Don't assume that a disabled, unchecked checkbox in a registration form can't be enabled/checked. Don't expect that you'll receive a value from a <select> element that is actually contained within that dropdown's options.

When your app breaks horribly, your curiosity will hopefully throw you into a night of reading and hacking.

You can read more about fuzzing at Jesse Ruderman's blog[1]. He wrote very interesting fuzzers for Mozilla's JS, DOM and CSS parsers.

Sometimes, a friend of mine would ask me to check out his project. I proceed to act like an incredibly malicious user, then have this friend get mad at me.

It all clears out after explaining that he would always run into someone trying to break things. Even someone just trying to get a laugh!

[1] http://www.squarefree.com/categories/fuzzing/
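The failure modes above (a non-breaking space accepted as a username, out-of-range numbers, a `<select>` value the dropdown never offered, a "disabled" checkbox that arrives checked) all come down to the server trusting what the browser's form would have sent. Below is an added example, not code from the comment or from any project it mentions: a small Python registration validator that handles each of those cases, shown beside the naive username check it replaces, plus a tiny fuzz loop in the spirit of the comment that throws random form data at it and fails if the validator ever crashes or accepts something outside its own rules. `ALLOWED_PLANS`, the age limits and the field names are constructed assumptions for the illustration.

```python
import random
import re
import unicodedata

# Constructed allow-lists and limits; a real app would take these from its own config.
ALLOWED_PLANS = {"free", "pro", "team"}          # the <select>'s real options
MIN_AGE, MAX_AGE = 13, 120
USERNAME_RE = re.compile(r"[A-Za-z0-9_-]{3,32}")


def naive_username_ok(username):
    """The bug the comment describes: only ASCII spaces are stripped, so a
    lone U+00A0 NO-BREAK SPACE (Alt+0160) passes as a non-empty name."""
    return isinstance(username, str) and len(username.strip(" ")) > 0


def username_ok(username):
    """Hardened check: normalise, then require an explicit allow-list of
    characters. NBSP, zero-width and control characters all fail."""
    if not isinstance(username, str):
        return False
    return USERNAME_RE.fullmatch(unicodedata.normalize("NFKC", username)) is not None


def validate_registration(form):
    """Validate a submitted form dict. Values are str as they arrive over HTTP,
    or something else (missing, a list) when the client misbehaves.
    Returns (clean, errors) and never raises: a crash here is a bug."""
    clean, errors = {}, {}

    if username_ok(form.get("username")):
        clean["username"] = unicodedata.normalize("NFKC", form["username"])
    else:
        errors["username"] = "3-32 characters from [A-Za-z0-9_-]"

    # Numbers: parse with an explicit pattern, then range-check. int() alone
    # accepts "  7  ", "+7", "1_000" and arbitrarily large values.
    age = form.get("age")
    if isinstance(age, str) and re.fullmatch(r"[0-9]{1,3}", age) and MIN_AGE <= int(age) <= MAX_AGE:
        clean["age"] = int(age)
    else:
        errors["age"] = f"integer between {MIN_AGE} and {MAX_AGE}"

    # <select>: the browser only offers ALLOWED_PLANS; the client can send anything,
    # including a repeated parameter that the framework decodes as a list.
    plan = form.get("plan")
    if isinstance(plan, str) and plan in ALLOWED_PLANS:
        clean["plan"] = plan
    else:
        errors["plan"] = "unknown plan"

    # A checkbox that is disabled in the UI is still just a form field.
    # Privilege never comes from the form; it is decided server-side.
    clean["is_admin"] = False
    # An ordinary checkbox: accept only the exact value a real submit sends.
    clean["newsletter"] = form.get("newsletter") == "on"

    return clean, errors


def random_value(rng):
    """Constructed generator of hostile form values (NBSP, zero-width space,
    NUL, quotes, emoji, huge and negative numbers, missing and list-valued fields)."""
    alphabet = "abcXYZ09_-.\u00a0\u200b\u0000'\"<>%\U0001F600 "
    choice = rng.randrange(6)
    if choice == 0:
        return "".join(rng.choice(alphabet) for _ in range(rng.randrange(0, 40)))
    if choice == 1:
        return str(rng.choice([-1, 0, 2**63, -2**63, 10**30]))
    if choice == 2:
        return rng.choice(["free", "pro", "team", "enterprise", "FREE", "free\u00a0", "on", "true", "1"])
    if choice == 3:
        return None                      # field missing entirely
    if choice == 4:
        return ["free", "pro"]           # repeated parameter decoded as a list
    return "\u00a0"


def fuzz_validator(iterations=2000, seed=1):
    """Throw random forms at the validator. Returns (accepted, rejected) counts;
    raises AssertionError if the validator crashes or accepts a form that
    violates its own invariants."""
    rng = random.Random(seed)
    accepted = rejected = 0
    for _ in range(iterations):
        form = {k: random_value(rng) for k in ("username", "age", "plan", "newsletter", "is_admin")}
        form = {k: v for k, v in form.items() if v is not None}
        try:
            clean, errors = validate_registration(form)
        except Exception as exc:
            raise AssertionError(f"validator crashed on {form!r}: {exc!r}")
        assert clean["is_admin"] is False
        if errors:
            rejected += 1
        else:
            accepted += 1
            assert USERNAME_RE.fullmatch(clean["username"])
            assert MIN_AGE <= clean["age"] <= MAX_AGE
            assert clean["plan"] in ALLOWED_PLANS
    return accepted, rejected
```

The `plan in ALLOWED_PLANS` check is guarded with `isinstance(plan, str)` on purpose: a repeated query parameter decoded as a list is unhashable and would raise `TypeError` from the set lookup, which is exactly the kind of "app breaks horribly" the fuzz loop is there to surface.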
