Whenever I'm testing a web application, when I see a page of any sort of complexity I view the source code. You never know what you'll see lurking around in there. Sometimes you can be looking at what you think is static text to find it's generated. Sometimes you can find useful comments lurking around in there. Every time it gives you a better understanding of what's going on in the background.
Any time I see a number in a URL I see what happens when I change it. Try incrementing it by one or decrementing it by one. Sometimes you'll find you can navigate to pages you can't otherwise navigate to and/or other security / authentication issues.
I always try to spend about ten minutes doing simple URL hacking on a new site when I first sit down to test it. If I can't find something in around five to ten minutes, I move on to the next round of tests.
If your application has a user-viewable timestamp shown on any content or objects, check what time is shown. Is it the timezone of the user's PC? the server? When you test an application its a good detail to know the answer to.
When I'm testing a web application, I always submit forms with default values. Even if it doesn't make sense. Sometimes, forms can't handle their own default data. Other times, you'll see inconsistencies in error messaging for required fields, or field formats.