SANS ISC: Firefox as the weapon of choice? - SANS Internet Storm Center

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

The security testers alike are always seeking new tools to make their testing more effective. I am really not thrilled about some testers wannabe thinking that tools are the only thing they need to be good security testers. Skills, techniques and understanding of the overall picture are all very important to security testing especially while testing the non-standard components (eg. application security assessment). That's the exact reason I discuss not only tools but also the techniques and reasons some security checks were done in my web application security testing course.

Most application security testers are already using some Firefox plug-ins to assist in their testing. These plug-ins are usually very helpful in getting some quick and easy test tools directly from within the browser. The folks from security-database.com has compiled a catalog of the security plug-ins in Firefox, called FireCAT. I would suggest taking a look at their catalog and load up your Firefox browser with some of the security tools. Although most of these plug-ins would not be considered best of breed tools in their respective area, the ability to use them from within the browser usually makes them very accessible and easy to use. You might also want to know that these tools would not only benefit the application testers but also the infrastructure testers and most other security professionals as well.