Google Gives Away Web App Security Tool
CWmike writes "Google has released for free one of its internal tools used for testing the security of Web-based applications. Ratproxy, released under an Apache 2.0 software license, looks for a variety of coding problems in Web applications. A 2006 survey by the Web Application Security Consortium found that 85.57 percent of 31,373 sites were vulnerable to cross-site scripting attacks, 26.38 percent were vulnerable to SQL injection and 15.70 percent had other faults that could lead to data loss."
Just run it with "-xX" and see what it finds in terms of XSS vulnerabilities... I used it this afternoon on an app and found a bunch of stuff. Some problems were tricky; other problems were simple ones of the "alert('hi')" variety. And it's in C, so it's fast enough to browse through without being annoying. RatProxy + FireBug make a great combo. Thanks Google!
The Army reading list
The documentation is here.
XML is like violence. If it doesn't solve the problem, use more. Junta