Weblinks
These are the tools we recommend in Chapter 2, "Installing Some Free Tools."
# Web Link Hits
1 WebScarab from OWASP
WebScarab is a great tool for proxying web connections, investigating the randomness of session IDs, and spidering web sites. It is best used on Web 1.0 systems.
161
2 Paros Proxy
Paros is another popular proxy for testing web applications.
192
3 Charles Proxy
Charles is a less well-known proxy for testing web applications, but it has a few features that make it worth noting: like WebScarab and Paros it is multiplatform, and it can also do AJAX debugging of XML and JSON requests and responses and show AMF, the contents of Flash Remoting / Flex Remoting. It is shareware, however, and requires a license.
162
4 Burp Suite
Another proxy tool, but also a good tool for invoking some of the NIST FIPS 140-2 tests. It gives you nice graphics and a flexible way to import data that your application generated and analyze it.
173