Every contrivance of man, every tool, every instrument, every utensil, every article designed for use, of each and every kind, evolved from a very simple beginning.
These tools can cover the breadth and depth needed to perform comprehensive web application security testing. Many of these tools will be useful to you, yet some not. The usefulness of any individual tool will depend heavily on your context—particularly the web application’s language and what you most need to protect.
This chapter is a reference chapter, even more so than the rest of the book. These recipes recommend tools and discuss a bit of their use and background. Unlike later chapters, these recipes don’t directly build up to comprehensive security tests.
Instead, this chapter can be thought of as part of setting up your environment. Just as you might set up a separate environment for performance testing, you’ll want to set up at least one workstation with the tools you’ll need for security testing. That said, many people use the regular QA server and environment for security tests—and this generally works well. Just beware that any security test failures may corrupt data or take down the server, impacting existing test efforts.
The Firefox web browser, with its extensible add-on architecture, serves as the best browser for web application security testing.
Using your system default web browser, visit http://www.mozilla.com/en-US/firefox/ ...