Watcher: A new web security testing tool

From Microsoft’s SDL blog (Chris Weber)
I’m writing to tell you about our new Watcher tool for web-app security auditing and testing.  Watcher is a plug-in for Eric Lawrence’s Fiddler proxy aimed at helping developers and testers find security issues in their web-apps fast and effortlessly.  Because it works passively at runtime, you have to drive it by opening a browser and cruising through your web-app as an end user.  For the developer, the tool can provide a quick sanity check, so you can find problems and hot-spots that warrant further attention.  In the hands of a pen-tester it can assist in finding issues that lead to other attacks like XSS and CSRF. Read the full story [msdn.com]

From Microsoft’s SDL blog (Chris Weber)

I’m writing to tell you about our new Watcher tool for web-app security auditing and testing.  Watcher is a plug-in for Eric Lawrence’s Fiddler proxy aimed at helping developers and testers find security issues in their web-apps fast and effortlessly.  Because it works passively at runtime, you have to drive it by opening a browser and cruising through your web-app as an end user.  For the developer, the tool can provide a quick sanity check, so you can find problems and hot-spots that warrant further attention.  In the hands of a pen-tester it can assist in finding issues that lead to other attacks like XSS and CSRF. Read the full story [msdn.com]

 

Suggested articles