Top 5 Firefox add-ons: Security testing and assessment
Test your sites and web applications and perform a security assessment/audit of your work with these handy tools:
1. Tamper Data
Use it to view and modify HTTP/HTTPS headers and post parameters, to trace and time http response/requests. You can security test web applications by modifying POST parameters.
2. HackBar
This toolbar will help you in testing sql injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code.
3. XSS Me
XSS-Me is used to test for reflected Cross-Site Scripting. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack. The tool does not do port scanning, packet sniffing, password hacking or firewall attacks.
4. SQL Inject Me
SQL Inject Me is used to test for SQL Injection vulnerabilities. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack. The tool sends database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.
5. Groundspeed
Groundspeed allows input validation testing from the top-down, starting at the web application interface level instead from the HTTP protocol.
Some of the practical uses of groundspeed include changing hidden fields, select drop down lists and other fields into text fields, removing size and length limitations on input fields and modifying JavaScript event handlers to bypass client side validation without actually removing it.