Google has released its free Ratproxy. This semi-automated, largely passive web application security audit tool is for those who want to test the security of their Web-based apps against problems such as cross-site scripting attacks. Michal Zalewski, Google's security expert, wrote on the company’s security blog that Google’s information security engineering team developed the open-source Ratproxy to “transparently analyze legitimate, browser-driven interactions with a tested Web property and automatically pinpoint, annotate, and prioritize potential flaws or areas of concern.” Ratproxy is licensed under Apache 2.0, though “the proxy is designed solely to highlight interesting patterns in Web applications.” Is this a suggestion that you must have your own people to interpret the results?