Weblinks

Main Menu

It doesn't matter how good your programmers are, rigorous testing will always be part of producing secure software. Hope and Walther steal Web security testing back from the L33T hax0rs and return it to the realm of the disciplined professional.

Brian Chess,
Founder/Chief Scientist Fortify Software

Weblinks

Where would we be without Firefox for testing? It is so configurable, so usable, so useful. We're always adding extensions to our Firefox installations. Here's a few we rely on a lot.

Display #
#	Web Link	Hits
1	Ad-Block Plus Although it doesn't help you with security testing, it is really handy to keep all the ads and malware at bay. Ad-Block helps out there a lot.	153
2	TamperData Where would we be without TamperData? You can't do hardly anything these days without it, or something like it. Want to bypass client-side validation? This is your tool. Want to see the sneaky AJAX and Flex requests going on behind your back? Here's your tool. Wanna do some exploratory security testing? Here's your tool.	159
3	Firebug You know your plug-in has come of age when it has plugins. Firebug is amazing in all the things it can do: it can give you a JavaScript debugger. It lets you dynamically manipulate the DOM. It lets you inspect the DOM as it exists in memory (obviating the need for "view source"). It's one of the most powerful web debugging and testing tools out there.	161
4	No Script NoScript is more a security tool to protect you than to help you test. It allows you to be very selective in the elements that execute in your web browser. For example, you can accept JavaScript from youtube.com, but not from google-analytics.com. It also helps protect you from CSRF, XSS, and clickjacking.	144

Feed Entries

follow pacohope at http://twitter.com/

follow OWASP NoVA at http://twitter.com/