Yesterday we had a bit of a security “incident” at the day job. The fix was relatively straight-forward (I wasn’t the fixer), and when completed I was tasked with determining if the fix was sufficient and if there was anything else obviously insecure.
It had been a long day, it was late, and my testing was just not as good as it could’ve been. It seemed OK and I signed it off.
This morning, however, I was challenged to spend some time really “hacking” at this particular web app. I went nuts! A few hours later I had identified a handful of new vulnerabilities. A mixed blessing to be sure. I’m always happy when I do a good job, but this is a job I would’ve preferred to have failed at…
Know what made some of that almost pleasant though? A slick little Firefox extension called UrlParams. Want to flip POST to GET? Want to edit hidden form fields on the fly? One of my particular favorites: Add new fields (great for locating debug options). Messing with the referrer can be fun too.
In general, our stuff did quite well, but there were a few scenarios where I managed to get it to cough up the goods.
More testing tomorrow, and UrlParams will definitely still be in the toolbox.
Possibly Related posts:
March 14th, 2007 
Tags: 
Just wanted to drop a quick note and to just say thanks for all the work you do.
I subscribe via email and get everyone of your posts, in addition I enjoy your handysolo help at the Wordpress.org site.
THANKS A TON!!! You have helped me out of more than one jam!!
-rc
Thanks for the kind words, and glad to have been of assistance.