Firefox as the weapon of choice?

The security testers alike are always seeking new tools to make their testing more effective. I am really not thrilled about some testers wannabe thinking that tools are the only thing they need to be good security testers. Skills, techniques and understanding of the overall picture are all very important to security testing especially while testing the non-standard components (eg. application security assessment). That's the exact reason I discuss not only tools but also the techniques and reasons some security checks were done in my web application security testing course.

Most application security testers are already using some Firefox plug-ins to assist in their testing. These plug-ins are usually very helpful in getting some quick and easy test tools directly from within the browser. The folks from has compiled a catalog of the security plug-ins in Firefox, called FireCAT. I would suggest taking a look at their catalog and load up your Firefox browser with some of the security tools. Although most of these plug-ins would not be considered best of breed tools in their respective area, the ability to use them from within the browser usually makes them very accessible and easy to use. You might also want to know that these tools would not only benefit the application testers but also the infrastructure testers and most other security professionals as well.

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS Leadership and Cloud Security Dallas 2022 - Live Online


93 Posts
ISC Handler
Sep 25th 2007

Sign Up for Free or Log In to start participating in the conversation!