If you write web applications as a hobby or a business, you should ensure they are as secure as possible before launching them into public beta. All too often we hear that flaws in software code are exploited by hackers every day, most of the time these exploits are the result of sloppy code. How do you perform penetration tests on your web applications?

From an article at Tim Jansson’s blog it turns out that if your testing a web application you should consider using Firefox as one of your tools. There are 12 Firefox extensions that make penetration testing your web application easier than ever.

Some of the functionality mentioned involves analyzing cookies, editing JavaScript on the fly, locating SQL injection vulnerabilities, modify HTTP headers, using NoScript to cover your tracks, and even modifying requests sent from the browser.

While these tools are great, there is one thing for sure, there’s no substitute for knowledge about protocols, security, and policies.