It works from the browser!

So let’s say that you decide to write a tool for doing some web-related exploitation, enumeration, etc. The language of choice comes down to Perl, Python or Ruby (C if you are an old-school diehard).

It has to run from the command line. It has to have flags, etc., etc., and pretty much everything else a command-line tool usually needs. [...]

posted by pdp

Bookmarklet of death: Domain hijacking without 0days

So we all know about cross-domain vulnerabilities that allow attackers to run code within the security context of the target domain. Typically, they are either an XSS bug in the server-side application, or a bug in the client (a web browser plugin or the web browser itself). Most of the time, these vulnerabilities require some type of interaction from the victim user, i.e. being tricked into clicking on a link or visiting a malicious page.

Now, most techies are familiar with bookmarklets. [...]

posted by pagvac