For several years I've been a novice tester, just simple things like proof-reading the Help files and user guides, ensuring the GUI conforms to standards, etc. But now I've been asked to work on a website that requires me to have a solid understanding of web security, and my boss wants me to "think like a hacker", so I'm having to learn real quick.

I've been told to install "HTTP header reader plug-ins" (or something like that) for every browser I'll be using. Apparently with these things installed, I can learn more about the web site I'm testing than what is normally accessible just through View > Source. I ran a variety of searches and found so much conflicting info my head spun. I downloaded a few plug-ins, but none appeared to work the way I imagined they should. So I asked my boss for more details and was told "just Google 'Hacker's toolbox' and you'll find some." No, I haven't yet, but I did find this site, so I'm throwing the question out to all you readers.

He needs to ensure that his code is locked down as tightly as possible, that very little is accessible to others out there who may choose to rip apart the web site's underlying code. Apparently, if I install these plug-ins, I'll be able to better see what the hackers see, and can then report back. Can somebody point me in the right direction please??