Google released a free tool Tuesday that should help Web developers find and fix cross-site vulnerabilities.

The tool, RatProxy, is described by Google as "a semi-automated, largely passive Web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments."

The tool is versatile, detecting and ranking a broad class of vulnerabilities. Included are script injections, cross-site trust attacks, content-serving vulnerabilities, cross-site request forgeries (XSRF), and cross-site scripting (XSS).

RatProxy runs on Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

Google RatProxy detects and prioritizes a variety of common cross-site vulnerabilities. (Credit: Google)

Related links

Leave a comment

You must read and type the 6 chars within 0..9 and A..F

* indicates mandatory fields.

Log in


Sign up | Forgot your password?

Blogs

RSS feed

  • Staff Microsoft prescribes more REST

    Details have begun to emerge about the next versions of Visual Studio and Windows Server this week -- and the message from Redmond is to REST up Read more »

    -- posted by Staff

  • Chris Duckett .NET looks to REST

    With news that REST will play a big part in the next version of the .NET Framework, it is timely to take a look at ADO.NET. Read more »

    -- posted by Chris Duckett

  • Renai LeMay Spellr.us needs a new dictionary

    One of the only Australian start-ups to present at the recent round of conferences in the US was Sydney-based spellr.us, which has launched a Web-based tool to check and monitor websites for spelling mistakes. Read more »

    -- posted by Renai LeMay

What's on?