Google has freely released its own tool for checking web applications for security issues as an open source tool. Ratproxy is the name of the devil, and it is released under an Apache 2.0 software license.

Google says: “Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.”

Ratproxy checks for the following problems:
- Cross-site script inclusion threats
- Insufficient cross-site request forgery defenses
- Caching issues, cross-site scripting candidates
- Unsafe cross-domain code inclusion schemes
- Information leakage scenarios
- Content serving problems
- Insufficient XSRF and XSS defenses
- HTTP and META redirectors
- Suspected or confirmed XSS / data injection vectors
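
To illustrate what passive auditing of observed traffic looks like, here is an added example (not Ratproxy's code and not from the original post) that applies three simplified heuristics from the list above to constructed request/response pairs. The `app.example` URLs, the token regex and the function names are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample traffic (not real captures): each entry is one observed
# request/response pair, as a passive proxy would see it.
EXCHANGES = [
    {"method": "POST", "url": "https://app.example/profile/update",
     "body": "name=alice&email=a%40example.org",
     "resp_headers": {"Content-Type": "text/html; charset=utf-8",
                      "Cache-Control": "no-store"}},
    {"method": "POST", "url": "https://app.example/transfer",
     "body": "to=bob&amount=10&csrf_token=9f2c1e7ab04d4c55a1b0e6d3f7c8a912",
     "resp_headers": {"Content-Type": "text/html; charset=utf-8",
                      "Cache-Control": "no-store"}},
    {"method": "GET", "url": "https://app.example/inbox", "body": "",
     "resp_headers": {"Content-Type": "text/html",
                      "Set-Cookie": "sid=abc123; Path=/"}},
]

# Heuristic (assumption): a long, opaque-looking parameter value is treated
# as an unpredictable anti-XSRF token.
TOKEN_RE = re.compile(r"^[A-Za-z0-9+/_=-]{16,}$")

def has_token(exchange):
    """True if any query or body parameter looks like a random token."""
    query = urlsplit(exchange["url"]).query
    params = parse_qsl(query) + parse_qsl(exchange["body"])
    return any(TOKEN_RE.match(value) for _, value in params)

def audit(exchange):
    """Return findings for one exchange without sending any traffic."""
    findings = []
    headers = {k.lower(): v for k, v in exchange["resp_headers"].items()}
    if exchange["method"] == "POST" and not has_token(exchange):
        findings.append("POST without token-like parameter (XSRF defense?)")
    cache = headers.get("cache-control", "").lower()
    if "set-cookie" in headers and not re.search(r"no-store|no-cache|private", cache):
        findings.append("Set-Cookie on a cacheable response (caching issue)")
    ctype = headers.get("content-type", "").lower()
    if ctype.startswith("text/") and "charset=" not in ctype:
        findings.append("text/* served without charset (content serving)")
    return findings

def audit_all(exchanges):
    """Map URL -> findings, keeping only exchanges that were flagged."""
    return {e["url"]: audit(e) for e in exchanges if audit(e)}

if __name__ == "__main__":
    for url, findings in audit_all(EXCHANGES).items():
        for finding in findings:
            print(f"{url}: {finding}")
```

Each finding is a candidate for manual review, not a confirmed flaw, which matches the "semi-automated" description in the quote above.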
Supported OS: Ratproxy is currently believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.
Read More - Ratproxy Doc