WebApp Sec mailing list archives
Re: [Tool Announcement] Groundspeed Firefox add-on
From: Felipe Moreno <felipe () wobot org>
Date: Tue, 15 Dec 2009 09:57:37 -0500
The big motivation behind groundspeed was to make the test process more efficient for the tester. Groundspeed was designed to solve a pentest problem, while the other tools were designed to solve development problems. It's true you can do the same stuff with them but it requires more cognitive tasks (reading through source code, navigating a tree structure, etc.) and manipulation tasks (clicking, switching tabs, windows, etc.).

One of the arguments I made in the OWASP presentation is that these "extra" tasks finish up having a high "cost" for the tester. They distract the tester, they do not contribute to the goal of the test and they are annoying. You can think of them as some sort of "test friction".

If you have to pick only one extension, the obvious choice is Firebug (the Swiss army knife of web app tools), but if you can have more than one tool, there is no reason not to use an axe to chop down the tree.

-- Felipe.

On Mon, Dec 14, 2009 at 6:39 PM, Gregory Rubin <grrubin () gmail com> wrote:
> While I'm always thrilled to see more tools for security testers, I have to ask what makes this different/better than:
>
> * Web Developer
> * Firebug
>
> Greg
>
> On Mon, Dec 14, 2009 at 8:15 AM, Felipe Moreno <felipe () wobot org> wrote:
>
>> I would like to announce the release of Groundspeed, an open source Firefox add-on to support manual webapp input validation testing.
>>
>> Groundspeed allows you to modify the target web application's interface by manipulating the forms and form elements loaded in the page, in order to remove client-side controls and limitations. Some of the practical uses include changing hidden fields, select drop down lists and other fields into text fields, removing size and length limitations on input fields and modifying JavaScript event handlers to bypass client side validation without actually removing it.
>>
>> You can find more information and download Groundspeed here: http://groundspeed.wobot.org
>>
>> -- Felipe
>>
>> This list is sponsored by Cenzic
>> Let Us Hack You. Before Hackers Do!
>> It's Finally Here - The Cenzic Website HealthCheck. FREE.
>> Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus
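The controls named in the announcement (hidden fields, select lists, length limits and JavaScript validation) are enforced only by the browser, so the application has to repeat each check on the server. The handler below is an added example, not part of the thread or of Groundspeed; the field names, key and limits are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import re

# Constructed key and form rules, for this example only.
SERVER_KEY = b"constructed-demo-key"
ALLOWED_PLANS = {"basic", "pro"}   # options the page offers in its <select>
MAX_COMMENT_LEN = 200              # mirrors maxlength="200" on the input


def sign_hidden(value: str) -> str:
    """MAC sent alongside a hidden field so the server can detect edits."""
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()


def validate_submission(form: dict) -> list:
    """Return the server-side validation errors (empty list if valid)."""
    errors = []

    # Hidden field: editable in the browser, so verify its MAC.
    expected = sign_hidden(form.get("price", "")).encode()
    if not hmac.compare_digest(expected, form.get("price_sig", "").encode()):
        errors.append("price: hidden field modified")

    # Select list: can be turned into free text, so check membership.
    if form.get("plan") not in ALLOWED_PLANS:
        errors.append("plan: value not in offered options")

    # maxlength/size: browser-only limits, so re-check the length.
    if len(form.get("comment", "")) > MAX_COMMENT_LEN:
        errors.append("comment: exceeds maximum length")

    # JavaScript validation (e.g. an onsubmit digit check): repeat it here.
    if not re.fullmatch(r"[0-9]+", form.get("quantity", "")):
        errors.append("quantity: not a non-negative integer")

    return errors


# Constructed sample requests: one as the form intends, one altered.
honest = {"price": "49.00", "price_sig": sign_hidden("49.00"),
          "plan": "pro", "comment": "ok", "quantity": "2"}
altered = {"price": "0.01", "price_sig": sign_hidden("49.00"),
           "plan": "internal", "comment": "x" * 500, "quantity": "-1"}

if __name__ == "__main__":
    print(validate_submission(honest))
    print(validate_submission(altered))
```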