Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Gives Away Web App Security Tool

Posted by timothy on from the to-whom-it-may-concern dept.

CWmike writes "Google has released for free one of its internal tools used for testing the security of Web-based applications. Ratproxy, released under an Apache 2.0 software license, looks for a variety of coding problems in Web applications. A 2006 survey by the Web Application Security Consortium found that 85.57 percent of 31,373 sites were vulnerable to cross-site scripting attacks, 26.38 percent were vulnerable to SQL injection and 15.70 percent had other faults that could lead to data loss."

4 of 30 comments (clear)

  1. Works great by tcopeland · · Score: 5, Informative

    Just run it with "-xX" and see what it finds in terms of XSS vulnerabilities... I used it this afternoon on an app and found a bunch of stuff. Some problems were tricky, other problems were simple ones of the "alert('hi')" variety. And it's in C so it's fast enough to browse through without being annoying. RatProxy + FireBug make a great combo. Thanks Google!

    --
    The Army reading list
    1. Re:Works great by VGPowerlord · · Score: 4, Funny

      If you run it with -xXx, it'll find any pornographic images on your site.

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
  2. Oooh, goody goody... by T3Tech · · Score: 5, Funny
    a new toy to play with.

    In other news, Viacom has petitioned the court for Google's logs of users who downloaded their ratproxy tool after it was used to reveal vulnerabilities on certain Viacom owned web sites.

    --
    Of course I didn't RTFA... why would I do that? You really are new here aren't you? Don't let my UID fool you.
  3. Documentation by Kolargol00 · · Score: 4, Informative

    The documentation is here.

    --
    XML is like violence. If it doesn't solve the problem, use more. Junta