When programming for the Palm there was a nice utility called “Gremlins” that simulated random user input: Thousands of chaotic pen movements on the screen.
I wish, the was something similar for Rails applications:
For each of your controllers you can define the params that will be filled systematically with garbage, testing if an error occurs or if one of the predefined outcomes (redirect, view display) occurs. When the controller deviates from the allowed responses, the data is logged and the test continues. The goal of this test ist to detect vulnerabilities you haven’t thought of and to find input that leads to application errors.
The params array will be filled with the following predefined “garbage”:
- Numbers: float and int, positive and negative, zero, big and small
- Text: Text that contains: Backslashes, quotations, ASCII > 127
- Date/Time: Correct dates, dates that are far into the future or the past, date without time, time without date