Google RatProxy looks for cross-site flaws

Free tool helps Web developers analyze their site for a variety of cross-site vulnerabilities.

July 3, 2008 1:51 PM PDT

Google released a free tool Tuesday that should help Web developers find and fix cross-site vulnerabilities.

The tool, RatProxy, is described by Google as "a semi-automated, largely passive Web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments."

The tool is versatile, detecting and ranking a broad class of vulnerabilities. Included are script injections, cross-site trust attacks, content-serving vulnerabilities, cross-site request forgeries (XSRF), and cross-site scripting (XSS).

RatProxy runs on Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

Google RatProxy detects and prioritizes a variety of common cross-site vulnerabilities.

(Credit: Google)

CNET Update

Google talks back in new voice search

Desktop users can have a conversation with Google search (sort of), the Kwikset Kevo locks doors with a finger tap, and Twitter adds a new twist for marketers.

Play Video