Apr 14, 2010

Web App Testing Tools, (Tue, Apr 13th)

As security testers, we tend to always be on the lookout for new or updated tools to test the security of web-based applications. Some of these are of course commercial, but most of us also make extensive use of the free and/or open source offerings. In no particular order, here are the ones I am currently making use of:

Burp Suite - http://portswigger.net/suite/
Fiddler2 - http://www.fiddler2.com/fiddler2/
Watcher - http://websecuritytool.codeplex.com/
Ratproxy - http://code.google.com/p/ratproxy/
Grendel Scan - http://grendel-scan.com/
W3AF - http://w3af.sourceforge.net/
Skipfish - http://code.google.com/p/skipfish/
Exploit-me - http://labs.securitycompass.com/index.php/exploit-me/
Wikto - http://www.sensepost.com/research/wikto/
Tamper data - http://tamperdata.mozdev.org/
Wmap - http://www.metasploit.com/redmine/projects/framework/wiki/WMAP
Nikto - http://cirt.net/nikto2

Special mention to Samurai WTF - http://samurai.inguardians.com/

Please let us know if there are any ...

Filed Under: SANS Internet Storm Center
