Google RatProxy looks for cross-site flaws

Free tool helps Web developers analyze their site for a variety of cross-site vulnerabilities.

Google released a free tool Tuesday that should help Web developers find and fix cross-site vulnerabilities.

The tool, RatProxy, is described by Google as "a semi-automated, largely passive Web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments."

The tool is versatile, detecting and ranking a broad class of vulnerabilities. Included are script injections, cross-site trust attacks, content-serving vulnerabilities, cross-site request forgeries (XSRF), and cross-site scripting (XSS).

RatProxy runs on Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

Google RatProxy detects and prioritizes a variety of common cross-site vulnerabilities. Google

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

As Xbox One gets a little sweeter, HoloLens gets Xbox Live

Microsoft announces new features coming to Xbox One, including the ability to record TV shows. Also, the company opens up Xbox Live to HoloLens programmers.

by Bridget Carey