OWASP & tools

I just had an application security awarness training, and it was quite enlightening. Of course Owasp was mentioned, with the top ten list of vulnerabilities, along with the webGoat webapp. but also tools like

• fiddler: free win32 http proxy with scripting facilities, no ssl support and based on .net
• charles: shareware http proxy in java with ssl suport
• WebSleuth: an ie plugin to edit forms, suddenly hacking got so much simplier

Of course there are firefox plugins to achieve the same set of functionnalities.