Don’t re-invent the wheel or toil away thinking of test data or techniques – use a cheat sheet.
Here’s a cheat sheet of cheat sheets…
General
Ministry of Testing’s Test Heuristics Cheat Sheet | Covering a wide range of areas, with test data, heuristics and techniques. |
Big list of naughty strings | Lots of test data, from awkward characters to SQL injection |
Security
My Security Cheat Sheet | Some basic values to test for injection |
SQL Injection & XSS Playground (ired.team notes) | Helpful resource for SQL injection & XSS |
Penetration Testing Cheat Sheet (Ivan Sincek) | Massive collection of well explained things to try when pen testing |
OWASP Cheat Sheet series | A complete collection of different cheat sheets focused on prevention, covering a very wide area. |
OWASP Web Application Security Testing Guide | Really handy resource with great explanations. Whilst it is fairly technical and has plenty jargon, it is fairly readable. |
PortSwigger’s Web Security Academy | Fantastic learning resources. |
PortSwigger’s XSS Cheat Sheet | A good cheat sheet for XSS. |
PortSwigger’s SQL Injection Cheat Sheet | A good cheat sheet for SQL Injection |