If you are testing web applications for security, be sure to examine the Forgot Password functionality and attempt to subvert it. It's another way that users can authenticate to the app and is often less secure than the primary method. First you'll need to enumerate usernames (try the username wordlists I made available a while ago). Once you have some valid usernames, the Forgot Password functionality will often present you with a challenge to answer one of the user's personal security questions.
One of the most common security questions you see is "What was the name of your first pet?". If the application doesn't limit the number of attempts, you have a very good chance at answering this question by iterating through different names with a tool like Burp Intruder. The last time I did this successfully, "Rocky" was the name of the user's pet.
You need big list of common pet names to do this. That's exactly what I'm providing here for your download pleasure. My wordlist currently has over 1,400 pet names.
Click here to get the pet name wordlist
Enjoy! Obviously my list can't cover every conceivable pet name, but please let me know if you think I'm missing a common one.