A lot of tweets today informed me about launch of Damn Vulnerable Web App (DVWA) which is basically an aid for security professionals to test their skills and tools and help web developers better understand the processes of securing web applications.
I had an old list of tools/plug-ins/utilities etc which can be helpful while playing with DVWA and I'd like to share the same for you to learn WebApp Security better.
Firefox Plugins: [ https://addons.mozilla.org/en-US/firefox/collection/webappsec ]
Tamper Data: https://addons.mozilla.org/en-US/firefox/addon/966
SQL Inject Me: https://addons.mozilla.org/en-US/firefox/addon/7597
XSS Me: https://addons.mozilla.org/en-US/firefox/addon/7598
Some other HACKMEs:
Foundstone Hacme Series: http://www.foundstone.com/us/resources-free-tools.asp
While doing webapp security testing, how can someone forget rsnake. Check out http://ha.ckers.org/ & specially his list of jailfree hacking sites @ http://ha.ckers.org/blog/20090406/hacking-without-all-the-jailtime