Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Gives Away Web App Security Tool

Posted by timothy on from the to-whom-it-may-concern dept.

CWmike writes "Google has released for free one of its internal tools used for testing the security of Web-based applications. Ratproxy, released under an Apache 2.0 software license, looks for a variety of coding problems in Web applications. A 2006 survey by the Web Application Security Consortium found that 85.57 percent of 31,373 sites were vulnerable to cross-site scripting attacks, 26.38 percent were vulnerable to SQL injection and 15.70 percent had other faults that could lead to data loss."

7 of 30 comments (clear)

  1. Works great by tcopeland · · Score: 5, Informative

    Just run it with "-xX" and see what it finds in terms of XSS vulnerabilities... I used it this afternoon on an app and found a bunch of stuff. Some problems were tricky, other problems were simple ones of the "alert('hi')" variety. And it's in C so it's fast enough to browse through without being annoying. RatProxy + FireBug make a great combo. Thanks Google!

    --
    The Army reading list
    1. Re:Works great by VGPowerlord · · Score: 4, Funny

      If you run it with -xXx, it'll find any pornographic images on your site.

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    2. Re:Works great by Ynot_82 · · Score: 3, Funny

      and 4x's gives you free beer

  2. Oooh, goody goody... by T3Tech · · Score: 5, Funny
    a new toy to play with.

    In other news, Viacom has petitioned the court for Google's logs of users who downloaded their ratproxy tool after it was used to reveal vulnerabilities on certain Viacom owned web sites.

    --
    Of course I didn't RTFA... why would I do that? You really are new here aren't you? Don't let my UID fool you.
  3. I hate it when I have to RTFA by museumpeace · · Score: 3, Interesting

    Google has a tool, Web Application Security Consortium have discovered a problem with large portion of sites. Are these two facts related? does the Google tool detect the named problems?

    --
    SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
  4. Documentation by Kolargol00 · · Score: 4, Informative

    The documentation is here.

    --
    XML is like violence. If it doesn't solve the problem, use more. Junta
  5. Re:Windows version by allcar · · Score: 2, Informative

    Some people report success building and running this under Cygwin.