String Heuristics

• Very long strings, even of single character

• Strings of high-ASCII

• Nonalphanumerics: !@#$%^&*()_-+=:;'",…

• Unicode: non-ASCII malformed surrogate pairs, ASCII encoded in several bytes, etc.

• Directory traversal: .., ../, ../.., ../../.., etc.

• Command injection: “ls *”, “SELECT FROM”

• Format string: %n%n%n%n %s%n%s%n