Watcher: a free web-app security testing and compliance auditing tool
"I announced Watcher at CanSecWest and I’m happy to say IE8 Security Program Manager and Fiddler author Eric Lawrence also announced it at MIX09 yesterday. Check out his talk at http://videos.visitmix.com/MIX09/T54F. It’s an eye-opener for Web developers, introducing us to the new features of IE8 while also covering state-of-the-art secure development practices for today’s Web applications.
Watcher is designed as a Fiddler plugin that passively monitors HTTP/S traffic for vulnerabilities. It gives pen-testers hot-spot detection for user-controlled inputs, open redirects, and other issues, and it gives auditors an easy way to find PCI compliance and other organizational issues."