Testing web applications is pretty time-expensive and requires the correct use of web proxies. SecurityCompass has released a different kind of toolkit, XSS-ME and SQL INJECT-ME, which perform XSS and SQL injection testing directly on the fly (without going through a web proxy) as Firefox plug-ins.
You can read more here and here. Actually, I've got no time to try them, so if someone is going to try this new toolkit, please let me know about the main differences between the SecurityCompass solution and, for instance, the current de facto standard OWASP framework. Thank you guys!