ratproxy

Google RatProxy looks for cross-site flaws

Google released a free tool Tuesday that should help Web developers find and fix cross-site vulnerabilities.

The tool, RatProxy, is described by Google as "a semi-automated, largely passive Web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments."

The tool is versatile, detecting and ranking a broad class of vulnerabilities. Included are script injections, cross-site trust attacks, content-serving vulnerabilities, cross-site request forgeries (XSRF), and cross-site scripting (XSS).

RatProxy runs on Linux, FreeBSD, …

Google opens-up Ratproxy code

Perhaps Viacom should have just asked nicely for Google's YouTube code.

This week, a federal judge denied Viacom's demand that Google turn over its YouTube source code, arguing that "YouTube and Google should not be made to place this vital asset in hazard merely to allay speculation."

Ironically, on that same day, Google freely open-sourced Ratproxy, a passive Web application security audit tool developed for Google's internal use and now made generally available.

Google's Michal Zalewski writes:

We decided to make this tool freely available as open source because we feel it will be …