Input Validation
// Definition
Checking user-supplied input before it is processed or stored, accepting only what a feature is designed to handle and safely rejecting or escaping everything else. Validation covers required fields, data types, length, format and allowed characters, and must be enforced server-side — browser-side validation is easily bypassed. For QA, varying input along these dimensions (very long text, special characters, HTML-like input, invalid dates) confirms the app handles unexpected input without breaking or storing unsafe content.
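As an added illustration (not part of the original glossary entry), the following Python validator checks a constructed sign-up form along the dimensions listed above (required fields, type, length, format, allowed characters) and runs the QA probes the definition mentions; the field names and limits are assumptions for the example, not a real application's schema.

```python
import re
from datetime import date

# Added example: server-side validator for a constructed sign-up form.
# Field names, limits and rules are assumptions for illustration only.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,20}$")   # allow-list of characters
HTML_LIKE = re.compile(r"[<>]")                     # crude HTML-like marker

def validate_signup(form: dict) -> list[str]:
    """Return the list of validation errors; an empty list means the input is acceptable."""
    errors = []
    # Required field + type + length + allowed characters (allow-list, not block-list)
    username = form.get("username")
    if not isinstance(username, str) or not username.strip():
        errors.append("username: required")
    elif not USERNAME_RE.fullmatch(username):
        errors.append("username: 3-20 letters, digits or underscore")
    # Optional field: type check, length cap, rejection of HTML-like characters
    display = form.get("display_name", "")
    if not isinstance(display, str):
        errors.append("display_name: must be text")
    elif len(display) > 40:
        errors.append("display_name: max 40 characters")
    elif HTML_LIKE.search(display):
        errors.append("display_name: angle brackets not allowed")
    # Format check, then a semantic check: the date must exist and not be in the future
    birth = form.get("birth_date")
    if not isinstance(birth, str) or not re.fullmatch(r"\d{4}-\d{2}-\d{2}", birth):
        errors.append("birth_date: expected YYYY-MM-DD")
    else:
        try:
            if date.fromisoformat(birth) > date.today():
                errors.append("birth_date: cannot be in the future")
        except ValueError:
            errors.append("birth_date: not a real calendar date")
    # Numeric range check; bool is excluded because it is a subclass of int in Python
    age = form.get("age")
    if isinstance(age, bool) or not isinstance(age, int) or not 0 <= age <= 150:
        errors.append("age: integer between 0 and 150")
    return errors

# Constructed QA probes: very long text, HTML-like input, invalid date, wrong types
PROBES = {
    "valid": {"username": "qa_user1", "display_name": "QA User", "birth_date": "1990-05-17", "age": 34},
    "very_long": {"username": "a" * 500, "display_name": "x" * 41, "birth_date": "1990-05-17", "age": 34},
    "html_like": {"username": "qa_user1", "display_name": "<b>QA</b>", "birth_date": "1990-05-17", "age": 34},
    "invalid_date": {"username": "qa_user1", "display_name": "QA", "birth_date": "2023-02-30", "age": 34},
    "wrong_types": {"username": "", "display_name": 5, "birth_date": 19900517, "age": "34"},
}

def run_probes() -> dict[str, list[str]]:
    """Validate every probe and return its error list, keyed by probe name."""
    return {name: validate_signup(form) for name, form in PROBES.items()}
```

Only the "valid" probe passes; each other probe produces a specific, field-level error rather than a crash, which is the behaviour QA is checking for.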
// Related terms
XSS (Cross-Site Scripting)
An attack where attacker-controlled JavaScript executes in another user's browser, often via unescaped input rendered into HTML. Categories include reflected, stored, and DOM-based. Mitigated by output encoding and a strict Content Security Policy.
SQL Injection
An attack where untrusted input is concatenated into a SQL query, letting an attacker exfiltrate or modify data. Mitigated with parameterised queries and ORM usage. Tested with crafted payloads at every input that reaches the database.
Fuzzing
Feeding malformed, random, or unexpected inputs to a system to expose crashes, memory issues, and security flaws. Effective at finding bugs that hand-written tests miss because real users would never type such inputs.