Ratproxy

A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.

Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses, and much more.

Ratproxy is currently believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

Boa iniciativa da Google em lançar como open-source esta ferramenta que poderá ajudar no debugging e prevenção de alguns problemas de segurança com as aplicações web 2.0.

Aqui fica o link para o post desta notícia no blog da Google.

This entry was posted on July 03rd, 2008 and is filed under Software. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response or Trackback from your own site.