We couldn't wait until Monday to announce this simple but important feature we have managed to deliver this week. We are talking about the new sharing options available in Resend, Retest, Xmlfuzz and Jsonfuzz. The Share screen provides a quick and simple way to share requests and tests via web links.
The best thing is that you can put these links anywhere you like. You can stick them on web pages, documents, spreadsheets, presentations, bug tracking systems, etc., etc., etc. Even more interestingly, these links anonymise the data they contain, meaning that the stuff you want to share never leaves the premises of your browser. This is done by appending the data to the so-called fragment identifier of the URL.
To understand how this works, let's have a look at the URL structure as illustrated below:
Fragment identifiers are used to navigate within the page and are never sent to the web server. When the browser makes a request to fetch a link like
http://target/path/to/resource?param=value#data=value only this
http://target/path/to/resource?param=value is requested and
#data=value is kept for internal use only and is therefore never sent down the wire. This is how we keep the data private to you and out of even our own sight.
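The split described above can be checked with a short script. This is an added example, not the Suite's own code: the packing format (JSON, base64url-encoded under the `data` key) and the function names are assumptions, and the sample request is constructed.

```javascript
// Added illustration. Assumed format: JSON -> base64url, stored under "data"
// in the fragment. The Suite's real encoding is not documented on this page.
const SHARE_PAGE = 'http://target/path/to/resource?param=value'; // URL from the article

// Pack a request description into the fragment of a share link.
function buildShareLink(page, request) {
  const url = new URL(page);
  const packed = Buffer.from(JSON.stringify(request), 'utf8').toString('base64url');
  url.hash = new URLSearchParams({ data: packed }).toString();
  return url.href;
}

// What an HTTP client puts on the wire for this link: request line plus Host.
// The fragment is not part of the request target, so it never appears here.
function wireRequest(link) {
  const url = new URL(link);
  return `GET ${url.pathname}${url.search} HTTP/1.1\r\nHost: ${url.host}\r\n\r\n`;
}

// What script running in the page can recover locally
// (in a browser this would read location.hash instead of parsing the link).
function readSharedRequest(link) {
  const fragment = new URL(link).hash.slice(1);
  const packed = new URLSearchParams(fragment).get('data');
  if (packed === null) return null; // link carries no shared data
  try {
    return JSON.parse(Buffer.from(packed, 'base64url').toString('utf8'));
  } catch {
    return null; // malformed or truncated fragment
  }
}

// Constructed sample request, for illustration only.
const sample = { method: 'POST', url: 'http://app.example/login', body: 'user=alice' };
const link = buildShareLink(SHARE_PAGE, sample);

console.log(link);                    // full link, data after '#'
console.log(wireRequest(link));       // what the server sees: no fragment
console.log(readSharedRequest(link)); // what the page recovers client-side
```

The server-side view contains no trace of the shared data, but the link itself carries all of it: anyone who receives the link, and any place that stores it (browser history, a document, a bug tracker), holds the full request.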
We believe that this mechanism opens the Suite to all kinds of new capabilities that will speed up the delivery of secure web applications and also reduce the security overhead. Think about it. There is no need to store any data in textual format or explain how a particular vulnerability works. Once you find the vulnerability you can simply share it in a reusable and re-testable format anybody can understand, repeat and build upon.
The devil is in the details. The devil is in the tools. This is the power of the Suite.