Google RatProxy looks for cross-site flaws

Free tool helps Web developers analyze their site for a variety of cross-site vulnerabilities.

Google released a free tool Tuesday that should help Web developers find and fix cross-site vulnerabilities.

The tool, RatProxy, is described by Google as "a semi-automated, largely passive Web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments."

The tool is versatile, detecting and ranking a broad class of vulnerabilities. Included are script injections, cross-site trust attacks, content-serving vulnerabilities, cross-site request forgeries (XSRF), and cross-site scripting (XSS).

RatProxy runs on Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

Google RatProxy detects and prioritizes a variety of common cross-site vulnerabilities. Google

Featured Video

Your phone's screen is ruining your sleep

Staring at your Phone's screen might be hazardous for your sleep, unless you change the color temperature. Sharon Profis explains on "You're Doing It All Wrong."

by Sharon Profis