Dear Sitepoint fellows,

I wonder if anyone likes to share his knowledge about best practices concerning the testing of an implemented input validation.

Some of you surely know of the uncertainty: Is that input validation really working to 100 percent?

Let's say I want to validate that a user input has a certain format. (I obviously use a regular expression for that.) As test case I try out several strings including randomly generated ones and see if they break the validation. If that happens I optimize my regular expression and start the tests over again. This iterative process doesn't bother me, but...

My concern is: How can I make sure that I tested every sequence of the allowed characters? Or in general: How do I gather a complete set of test cases?

Looking forward to your feedback
~ Thorsten