Wednesday, 29 April 2009

Learn Security Testing with Fiddler and Watcher

I mentioned that Fiddler forms an essential part of my web testing toolkit, and recently I had a hankering for knowledge of Security Testing. Somehow I found my way to a Fiddler plugin called Watcher from Casaba Security. This lets me slowly learn about security testing in the course of my normal testing.
Simple to use: enable Watcher using the new [Security Auditor] tab that appears after installing watcher, and test normally, then check the Security tab and see the warnings Watcher has flagged.

How on earth did we test the web without these tools?

I've done a fair bit of Web and Flash testing recently and I suddenly realised how much I rely on various tools I have installed to help me. In fact, I don't know how I ever managed to test web sites without these. So in this post I'll provide a wee introduction to the tools I've used in the past few months. If you don't use the following tools then I'd love to know which tools you use to get visibility into, and control of, your testing.