First, we will talk about the most basic tools for assessing web applications. These will help you to analyze how the application works and how it interacts between the application itself (including all its components) and the users.
Initially, the tool mostly used for this purpose was Paros Proxy, a simple HTTP proxy, developed in Java, with a single option:
But now we now have applications, add-ons, and plugins that are more focused on repetitive activities, and there are more options to analyze the applications' flow. So, let's discuss these tools.
Burp Suite is an HTTP proxy, developed by PortSwigger (https://portswigger.net/). I think this HTTP proxy is more often used by security guys, despite being a private tool and not free; however, there is a free edition available too. The difference between the free and the private editions is the vulnerability scanner included in the private edition, which is great.
As Burp Suite...