What is the Big List of Naughty Strings?

The Big List of Naughty Strings is a collection of strings that are likely to cause issues when used as user-input data. It is designed to help identify bugs or vulnerabilities in text input parsing and validation.

Who should use the Big List of Naughty Strings?

This list is primarily intended for software quality assurance (QA) engineers and developers. It helps them conduct both automated and manual testing of user input fields to ensure robustness and prevent unexpected errors.

How does the Big List of Naughty Strings aid in software testing?

It provides a curated and evolving set of problematic strings, ranging from special characters and encodings to long sequences, that often expose edge cases or validation flaws. This proactive testing approach helps catch issues that might be missed by typical user inputs or less comprehensive test sets.

When is the Big List of Naughty Strings particularly useful?

It is useful during the development and QA phases of any application that accepts user text input. It's especially valuable when implementing new input forms, refactoring existing validation logic, or performing security audits to uncover potential injection vulnerabilities or crashes.

In what formats is the Big List of Naughty Strings available?

The list is available as a newline-delimited blns.txt file, which includes comments for manual use. For programmatic access, a blns.json file is provided, containing an array of strings with comments stripped out.

github.com · 24 MAY '20

List of possible naughty strings to test your text input parsing against

Item: List of possible naughty strings to test your text input parsing against
Rating: 5
Author: Simon Frey

This repository provides a comprehensive list of "naughty strings" designed to stress-test text input parsing. It's an invaluable resource for QA engineers to identify edge cases and potential vulnerabilities in input validation.

Visit github.com →

Questions & Answers

What is the Big List of Naughty Strings?: The Big List of Naughty Strings is a collection of strings that are likely to cause issues when used as user-input data. It is designed to help identify bugs or vulnerabilities in text input parsing and validation.
Who should use the Big List of Naughty Strings?: This list is primarily intended for software quality assurance (QA) engineers and developers. It helps them conduct both automated and manual testing of user input fields to ensure robustness and prevent unexpected errors.
How does the Big List of Naughty Strings aid in software testing?: It provides a curated and evolving set of problematic strings, ranging from special characters and encodings to long sequences, that often expose edge cases or validation flaws. This proactive testing approach helps catch issues that might be missed by typical user inputs or less comprehensive test sets.
When is the Big List of Naughty Strings particularly useful?: It is useful during the development and QA phases of any application that accepts user text input. It's especially valuable when implementing new input forms, refactoring existing validation logic, or performing security audits to uncover potential injection vulnerabilities or crashes.
In what formats is the Big List of Naughty Strings available?: The list is available as a newline-delimited blns.txt file, which includes comments for manual use. For programmatic access, a blns.json file is provided, containing an array of strings with comments stripped out.

List of possible naughty strings to test your text input parsing against

Questions & Answers

More from Security

Static analysis