...would be nice
Personally I'm for Paros or even better Firefox with the Tamper Data extension.
I would like to know more about pen-testing web applications. I have a little experience with website development in the past. Of course when pen-testing/auditing a website I want to address the entire spectrum of vulnerabilities (Top 10 OWASP):
A1 Unvalidated Input
A2 Broken Access Control
A3 Broken Authentication and Session Management
A4 Cross Site Scripting
A5 Buffer Overflow
A6 Injection Flaws
A7 Improper Error Handling
A8 Insecure Storage
A9 Application Denial of Service
A10 Insecure Configuration Management
I know commercial tools like WebInspect have this scope. But I still don't know how to use the open source tools included in BackTrack. But I want to learn! In the past I used Nikto and Wikto, but that's more for addressing vulnerabilities on the webserver level and of course I know how to do some manual injection testing like passing authentication in login forms.
Does somebody have some instructions on which tools to use and how to cover most of the above scope of vulnerabilities?
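The post mentions manual injection testing against login forms (OWASP A6 Injection Flaws). The following is an added illustration, not code from the thread or from any of the tools named in it: a minimal login check written the way a vulnerable form handler is typically written, beside the parameterized version that is the standard fix. The in-memory SQLite table, the single user record and the test inputs are all constructed for this example.

```python
import sqlite3


def make_db():
    """Build a throwaway in-memory user table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password kept only to keep the demo short; real systems
    # store a salted password hash instead (see OWASP A8 Insecure Storage).
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Injection-prone check: untrusted input is spliced into the SQL text.

    The WHERE clause can be rewritten by whatever the form submits, which is
    exactly the A6 flaw a manual injection test against a login form exposes.
    """
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(query).fetchone()
    return row is not None


def login_hardened(conn, username, password):
    """Parameterized check: input travels as bound data, never as SQL.

    The database driver escapes nothing and interprets nothing; the values are
    compared literally, so quote characters or comment markers in the input
    cannot change the query's structure.
    """
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def compare(username, password):
    """Run the same credentials through both handlers and return the verdicts."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, username, password),
        "hardened": login_hardened(conn, username, password),
    }


if __name__ == "__main__":
    # A legitimate login succeeds under both handlers.
    print("valid credentials:", compare("alice", "correct-horse"))
    # A classic auth-bypass string in the username field succeeds only against
    # the string-built query; the parameterized query treats it as a literal
    # username that matches no row.
    print("injection string: ", compare("' OR '1'='1' --", "anything"))
```

Running the script shows the two handlers disagreeing on the second input, which is the signal a tester looks for when probing a login form by hand, and the parameterized query is the remediation to recommend when they do.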