A new generator to test malicious inputs #2427
alessandro308
started this conversation in
Ideas
Replies: 2 comments 5 replies
I like the idea, but IMO this is very hard to do generically. E.g. depending on what your target is you have to use different kinds of exploits, e.g. script or SQL injection. Also for security purposes it is best to actually and repeatedly test for all potential vulnerabilities instead of a random one that may or may not actually fit the system.
1 reply
https://github.com/minimaxir/big-list-of-naughty-strings is always good for this
4 replies
In the middle of a boring Sunday, this idea pops out. We use Faker to fill our e2e tests with realistic data. To keep stuff more real, what I'd like to create is a section that generates malicious data.
For instance we fill the user company name field with `faker.company.buzzPhrase()`. The problem is that not all the users are good, so maybe one of them may try to insert `<script>alert('test')</script>` in the company name or even worse strings (SQL injections, XSS strings etc.). So the proposal can be to add
and so on, to have malicious input in a valid format for your input, to force devs to think about that because otherwise tests fail.
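As an added illustration of the proposal (example code, not Faker's own code and not part of this thread): a seedable generator that embeds the post's `<script>alert('test')</script>` string in an otherwise realistic company name, shown beside the raw and the escaped rendering that an e2e test would compare. The base names, the PRNG and the `renderRaw`/`renderEscaped` helpers are constructed for the example.

```javascript
// Added example, not code from Faker or from this discussion.
// Small deterministic PRNG (mulberry32) so the generator is reproducible,
// the same way tests rely on a seeded faker instance.
function makeRng(seed) {
  let s = seed >>> 0;
  return () => {
    s = (s + 0x6d2b79f5) >>> 0;
    let t = Math.imul(s ^ (s >>> 15), s | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Constructed sample data: realistic company names (including legitimate
// tricky characters) and the single hostile string quoted in the post.
const BASE_NAMES = ["Acme Corp", "O'Brien & Sons", "Globex GmbH"];
const PAYLOADS = ["<script>alert('test')</script>"];

// The proposed "malicious" generator: output still looks like a company
// name, so it passes the form's validation and reaches the rendering layer.
function maliciousCompanyName(rng) {
  const base = BASE_NAMES[Math.floor(rng() * BASE_NAMES.length)];
  const payload = PAYLOADS[Math.floor(rng() * PAYLOADS.length)];
  return `${base} ${payload}`;
}

// Vulnerable rendering: the value is interpolated into HTML unchanged.
function renderRaw(name) {
  return `<td>${name}</td>`;
}

// Hardened rendering: contextual HTML escaping of the five significant characters.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function renderEscaped(name) {
  return `<td>${escapeHtml(name)}</td>`;
}

// The check an e2e test would make on the rendered page: no live script tag.
function containsScriptTag(html) {
  return /<\s*script\b/i.test(html);
}
```

Running the generated name through both renderers shows the point of the proposal: the raw template fails the check while the escaped one passes, and the legitimate `O'Brien & Sons` still round-trips correctly.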