- BeEF - Manipulate the browser exploiting any XSS vulns you find.
- OWASP ZAP - This intercepting proxy allows you to see all HTTP traffic and manipulate it in real time. Easy to scan, catalog and exploit security issues.
- Cookie Inspector - View and Edit Cookies easily using the developer tools pane.
Make your life easier
- BareTail - Brings the tail linux command to Windows, coloured lines and REGEX search and loads of other features.
- ProxySwitcher - We all have to mess with proxies, this makes it a lot easier when using Test/Prod/localhost proxies.
- Full Page Screenshot - For when PrintScreen isn't big enough.
- Form Filler - Large forms can be really irritating to fill out each time, speed it up with dummy data.
- Bug Magnet - Suggests values based on the field type.
- Check All - "Select All" is often not available. Why not bring your own?
- MyWords - Handy extension that can be used to save common snippets (Jira tables, test data etc.) you use often for easy typing.
- Xmind - The best (free) Mindmapping tool for documenting your tests.
- Colour Blindness Simulator - Simulate all types of Colour Blindness instantly!
- Yslow - Analyse why web pages are slow based on Yahoo!'s rules for performance.
- Agile Testing: A Practical Guide - A how to guide for those looking to transition to an Agile as a tester and also how the authors work on their Agile teams.
- Explore It!: Reduce Risk and Increase Confidence with Exploratory Testing - A very good book on structuring Exploratory Testing and designing tests.
- The Domain Testing Workbook - An in-depth look at the most common test technique, Domain Testing (also called Boundary Analysis and Equivalence Class partitioning) in use today with lots of examples to become better.
- Don't Make Me Think: A Common Sense Approach to Web Usability - An incredibly useful book for usability testing.
- Lessons Learn in Software Testing - One of the best books on Software Testing, broken into bite size lessons that are as applicable now as when it was published.
- UI is Communication - How to make intuitive User Interfaces (UI and Usability Testing).
- Thinking, Fast and Slow - About how we make decisions and how to run experiments (experiments == tests).
Training (Includes developer training for automation testers)
- Learn to Code - Another list for developer training
- The Dojo - Courses and talks directly from the testing community.
- Guru99 - Learn by experience, a bit more fun than video training.
- Coursera - Online courses from top universities.
- Cybrary - Online free security training.
- BBST Testing Courses - The famous Black Box Software Testing (BBST) courses are university level courses on Software Test Foundations, Bug Reporting and Test Design. These materials have been creative commons licensed for use by anyone. Includes articles, slides and video lectures.
- Falsehoods - A funny and educational list of why nothing in Software Development is ever easy. Think you can store a marriage in a DB?
- Naughty Strings - This is the famous list of Naughty Strings. If you're doing some field validation, look no further for inspiration.
- Unicode - A great resource for learning how unicode works and the issues it can cause.
- Learn to Code - Learning to code, for those looking to make the move to automation
- Application Security - Incredibly extensive, but you'll find something to fit the bill.
- Selenium - Better than searching Google if you know what you want.
- Security - This is mostly focused on Infrastructure, but if you're testing a series of systems, this is very useful.
- Software Quality - A list of free software testing and verification resources.