Manage updates with the Download App
Google RatProxy looks for cross-site flaws
Google released a free tool Tuesday that should help Web developers find and fix cross-site vulnerabilities.
The tool, RatProxy, is described by Google as "a semi-automated, largely passive Web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments."
The tool is versatile, detecting and ranking a broad class of vulnerabilities. Included are script injections, cross-site trust attacks, content-serving vulnerabilities, cross-site request forgeries (XSRF), and cross-site scripting (XSS).
RatProxy runs on Linux, FreeBSD, … Read more
%20posts%20on%20CNET&srcUrl=http://news.cnet.com/8300-5_3-0.html?keyword%3Dcross-site%2Brequest%2Bforgeries%2B(xsrf)&x_breadcrumb=5&x_arw_bkts=MAD:first_impression){kind=small}