Google RatProxy looks for cross-site flaws

By Robert Vamosi, CNET News.com
Monday, July 07, 2008 10:20 AM

Google released a free tool Tuesday that should help Web developers find and fix cross-site vulnerabilities.

The tool, RatProxy, is described by Google as "a semi-automated, largely passive Web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments."

The tool is versatile, detecting and ranking a broad class of vulnerabilities. Included are script injections, cross-site trust attacks, content-serving vulnerabilities, cross-site request forgeries (XSRF), and cross-site scripting (XSS).

RatProxy runs on Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

This article was first published as a blog on CNET News.com.


WORTHWHILE?

0

0 votes
Blog

Talkback 0 comments

There are currently no comments for this post.


Tech Jobs Now!

Search for your ideal tech job:

News from Countries/Region

3 lessons a CIO can learn from Windows 7

Tech Management

Microsoft's missteps with Vista, and attempts at redemption with Windows 7, offers firms valuable lessons in IT, be it in rolling out a new corporate application or delivering millions of copies of a new OS.


Read more »



Ultimate 2012 recovery site: the moon

Blog thumbnail

Have you seen the disaster movie "2012"? A friend from Control Risks and I did, and we reluctantly concluded we wouldn't be able to write off the cost of our..... by Nathaniel Forbes

Read more »

Tags

  1. attack
  2. authentication and encryption
  3. blog
  4. data security
  5. e - mail
  6. hacking
  7. internet
  8. malware
  9. microsoft corp.
  10. network
  11. network security
  12. pc security
  13. researcher
  14. security
  15. security management
  16. software
  17. spam and phishing
  18. symantec corp.
  19. viruses and worms
  20. web