Top 5 Firefox add-ons: Security testing and assessment
by Zeljka Zorz - Wednesday, 25 November 2009.
Bookmark and Share
Test your sites and web applications and perform a security assessment/audit of your work with these handy tools:

1. Tamper Data

Use it to view and modify HTTP/HTTPS headers and post parameters, to trace and time http response/requests. You can security test web applications by modifying POST parameters.



2. HackBar

This toolbar will help you in testing sql injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code.



3. XSS Me

XSS-Me is used to test for reflected Cross-Site Scripting. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack. The tool does not do port scanning, packet sniffing, password hacking or firewall attacks.



4. SQL Inject Me

SQL Inject Me is used to test for SQL Injection vulnerabilities. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack. The tool sends database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.



5. Groundspeed

Groundspeed allows input validation testing from the top-down, starting at the web application interface level instead from the HTTP protocol.

Some of the practical uses of groundspeed include changing hidden fields, select drop down lists and other fields into text fields, removing size and length limitations on input fields and modifying JavaScript event handlers to bypass client side validation without actually removing it.

Spotlight

Dissecting the unpredictable DDoS landscape

Posted on 23 April 2014.  |  DDoS attacks are now more unpredictable and damaging than ever, crippling websites, shutting down operations, and costing millions of dollars in downtime, customer support and brand damage, according to Neustar.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Apr 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //