Site Sponsor:

mcafee_logo.gif
line

Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

« Who Is Running More Secure Browser Still an Open Question | Main | Microsoft Patches SQL Server Vulnerabilities »

Google's Open Source Security Audit Tool

Google has placed Ratproxy, a passive security audit tool, into open source


The tool is especially relevant to Web 2.0 developers, according to the documentation:

It is designed specifically to deliver concise reports that focus on prioritized issues of clear relevance to contemporary web 2.0 applications, and to do so in a hands-off, repeatable manner. It should not overwhelm you with raw HTTP traffic dumps, and it goes far beyond simply providing a framework to tamper with the application by hand.

It is designed to catch, among other things:

  • Potentially unsafe JSON-like responses that may be vulnerable to cross-domain script inclusion.
  • Bad caching headers on sensitive content.
  • Suspicious cross-domain trust relationships.
  • Numerous classes of content serving issues
  • Queries with insufficient XSRF defenses
  • Suspected or confirmed XSS / data injection vectors
  • HTTP and META redirectors.

The application can be downloaded from Google code.

Tags:                
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Dan Sullivan on July 8, 2008 2:02 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/779

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Blog Roll

line

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net