I'm curious to hear what other people use to help with web app security testing, especially Java apps. Things that can facilitate URL hacking, form forging, etc. I've played with TCPMon a bit and am wondering about (free or cheap) alternatives. THanks, Becky