Top 5 Firefox add-ons: Security testing and assessment
by Zeljka Zorz - Wednesday, 25 November 2009.
Test your sites and web applications and perform a security assessment/audit of your work with these handy tools:

1. Tamper Data

Use it to view and modify HTTP/HTTPS headers and post parameters, to trace and time http response/requests. You can security test web applications by modifying POST parameters.



2. HackBar

This toolbar will help you in testing sql injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code.



3. XSS Me

XSS-Me is used to test for reflected Cross-Site Scripting. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack. The tool does not do port scanning, packet sniffing, password hacking or firewall attacks.



4. SQL Inject Me

SQL Inject Me is used to test for SQL Injection vulnerabilities. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack. The tool sends database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.



5. Groundspeed

Groundspeed allows input validation testing from the top-down, starting at the web application interface level instead from the HTTP protocol.

Some of the practical uses of groundspeed include changing hidden fields, select drop down lists and other fields into text fields, removing size and length limitations on input fields and modifying JavaScript event handlers to bypass client side validation without actually removing it.

Spotlight

Staples customers likely the latest victims of credit card breach

Posted on 21 October 2014.  |  Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Oct 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //