Slashdot Mirror


Google Gives Away Web App Security Tool

CWmike writes "Google has released for free one of its internal tools used for testing the security of Web-based applications. Ratproxy, released under an Apache 2.0 software license, looks for a variety of coding problems in Web applications. A 2006 survey by the Web Application Security Consortium found that 85.57 percent of 31,373 sites were vulnerable to cross-site scripting attacks, 26.38 percent were vulnerable to SQL injection and 15.70 percent had other faults that could lead to data loss."

3 of 30 comments

  1. Works great by tcopeland · Score: 5, Informative

    Just run it with "-xX" and see what it finds in terms of XSS vulnerabilities... I used it this afternoon on an app and found a bunch of stuff. Some problems were tricky, other problems were simple ones of the "alert('hi')" variety. And it's in C so it's fast enough to browse through without being annoying. RatProxy + FireBug make a great combo. Thanks Google!

  2. Documentation by Kolargol00 · Score: 4, Informative

    The documentation is here.

    --
    XML is like violence. If it doesn't solve the problem, use more. Junta

  3. Re:Windows version by allcar · Score: 2, Informative

    Some people report success building and running this under Cygwin.