Google released a free tool Tuesday that should help Web developers find and fix cross-site vulnerabilities.

The tool, RatProxy, is described by Google as "a semi-automated, largely passive Web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments."

The tool is versatile, detecting and ranking a broad class of vulnerabilities. Included are script injections, cross-site trust attacks, content-serving vulnerabilities, cross-site request forgeries (XSRF), and cross-site scripting (XSS).

RatProxy runs on Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

Google RatProxy detects and prioritizes a variety of common cross-site vulnerabilities. (Credit: Google)

Related links

Leave a comment

You must read and type the 6 chars within 0..9 and A..F

* indicates mandatory fields.

Log in


Sign up | Forgot your password?

Blogs

RSS feed

  • Staff Apple to developer: Fart jokes aren't funny

    When Apple announced it would be vetting every application submitted for inclusion in the App Store, this was just the kind of question that entered many a mind: just how arbitrary would the company be in wielding that veto power? Read more »

    -- posted by Staff

  • Staff Chrome is just another browser

    Hands up if you missed the Chrome release -- didn't think anyone did. Google's browser arrived with all the fanfare and hype that only Google can produce. Read more »

    -- posted by Staff

  • Renai LeMay 2Vouch refers well

    Melbourne-based Web start-up 2Vouch yesterday launched the first public beta of what it dubs its "social recruiting platform". Read more »

    -- posted by Renai LeMay

What's on?