When penetration testing a web app, it's hard to avoid a few manual tests. For example, you might try a simple cross-site scripting (XSS) exploit:
Or, perhaps its cousin:
Luckily, with a small collection of common injections, it's easy to perform some mild penetration testing. You can even bookmark them.