I finally got to meet RSnake in person at DefCon 16. He's a very personable web application security thought leader among many other things.
While some of his writings go way over my head, I've been having a lot of fun with his Firefox Web App Security Bookmarklets, little snippets of JavaScript that can tweak the way Firefox handles the page you're currently on. You simply drag the links from his page to your bookmarks bar (or, like I do, put them in a bookmark bar folder) and then go have fun.
Some of my favorites are "Edit Cookies" which gives you a pop-up to directly edit the content of the current site's cookie, and "Method Toggle", which flip-flops GET/POST methods on form submissions. It's sometimes peculiar to see how a web site handles data submitted via GET instead of POST or vice versa. This also allows you to quickly edit submitted content in the URL bar, if GET is accepted.
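To show how a bookmarklet like "Method Toggle" actually works, here is an added example (my own sketch, not RSnake's code): a function that flips every form on the page between GET and POST, plus a helper that wraps it into a `javascript:` URL you can drop on the bookmarks bar. The function takes the document as a parameter so it can also be exercised against a constructed stand-in outside the browser.

```javascript
// Added example, not RSnake's bookmarklet: flip each form's method so you can
// see how a site handles the "other" verb. Works on any document-like object
// that exposes a `forms` collection (a real page, or the stand-in below).
function toggleFormMethods(doc) {
  const changes = [];
  for (const form of Array.from(doc.forms)) {
    // A form with no method attribute submits via GET, so treat '' as 'get'.
    const before = (form.method || 'get').toLowerCase();
    const after = before === 'post' ? 'get' : 'post';
    form.method = after;
    changes.push({ name: form.name || form.id || '(unnamed)', before, after });
  }
  return changes; // e.g. [{ name: 'login', before: 'post', after: 'get' }]
}

// Turn the function into a bookmarklet URL: an IIFE under the javascript:
// scheme, ending in void(0) so the browser does not navigate to the result.
function asBookmarklet(fn) {
  return 'javascript:(' + fn.toString() + ')(document);void(0);';
}

// Constructed stand-in for a page with two forms, so this runs without a browser.
const sampleDoc = {
  forms: [
    { name: 'login', method: 'post' },
    { name: 'search', method: '' },
  ],
};

if (typeof document === 'undefined') {
  console.log(toggleFormMethods(sampleDoc));
  console.log(asBookmarklet(toggleFormMethods));
}
```

In a real page, paste the string returned by `asBookmarklet` as the URL of a new bookmark; clicking it flips the methods and the next submit shows you whether the server accepts the swapped verb.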
Tinkering with RSnake's bookmarklets is an easy way to get your feet wet in the fascinating world of web application security, and makes a good starting point for further forays into the subject.