The construction and testing of Web-based systems has become more complex and challenging because of continual innovations in technology. Security is a major concern, particularly for the deployment of mission critical applications. One of the principal vulnerabilities in Webbased systems revolves around insufficient and inappropriate input validation, a deficiency that can be exploited by attacks that bypass client-side checking. This article describes a partially automated mechanism, the tool InputValidator, which seeks to address this issue by sending test data directly to the server to test the robustness and security of the back-end software. The tool allows a user to construct, execute, and evaluate a number of test cases through a formfilling exercise instead of writing bespoke test code.