When doing a manual security assessment of a web application you generally only require a web browser and a local proxy server that allows you to trap and modify requests. Aside from those basic tools, there are a few tools and resources that come in handy. The following pages are dedicated to the tools and resources I use, or that I find useful.
This site does not condone malicious hacking of websites. The details, descriptions, tools and links provided are intended for auditing and educational purposes. Using this information for bad intent is, well… bad.