Speaking of Web Application Security Tools...

Microsoft has released an 'open-source' (that's right!) application called !exploitable, which was announced at the CanSecWest security conference in Vancouver, British Columbia. It's a Windows debugger extension that can be used during the first phases of application design. Testers can test the stability and security of an application by throwing unexpected data at it, also called fuzzing. It is available at this link on CodePlex.

The CanSecWest presentation slides are here.

Help is here...

Ok, so maybe I've been too hard on HP/SPY. Free tools buy friends!

Wait a minute...where's the... Ohhh... Well, maybe its not exactly "Free" of everything...

At least it's something. Let's take it for a drive shall we.