Monday October 13, 2008 10:25 PM AEST

SC Magazine Australia/NZ > News > Vulnerabilities & Exploits > Web > Google opens RatProxy security code

Vulnerability Alerts

SANS

Microsoft

Microsoft Security Bulletin Advance Notification for October 2008
Microsoft Security Advisory (951306): Vulnerability in Windows Could Allow Elevation of Privilege

CERT/CC

Latest Comments

"very good"

on Akonix RogueAware

by abc | Oct 13, 2008 7:42 PM

"It sounds very good if it lives up to the statements"

on Kaspersky sends SOS to crack 1024 bit encryption key

by John Williams | Oct 11, 2008 11:57 AM

"Any good log system is going to be modular (separate from the web site itself), and more than ..."

on Popular porn site hacked by prudes

by Russ | Oct 9, 2008 7:21 PM

"Good"

on Yahoo patches Messenger ActiveX control flaws

by Francis Ayitey | Oct 6, 2008 10:48 AM

"With regard to the battle against cybercrime, Kaspersky Labs, the creator of the famous and ..."

on Eugene Kaspersky on the cybercrime arms race

by Mr. Anonymous | Oct 4, 2008 9:08 AM

Web

Google opens RatProxy security code

By Shaun Nichols
Jul 3, 2008 9:55 AM
Tags: Google | RatProxy | security | tool

Google has released the source code for a security tool it uses internally, the RatProxy software analyses web pages for potential security risks and reports them back to the site administrator.

Among the vulnerabilities RatProxy is able to test for are cross-site scripting flaws and incomplete cross-site defense mechanisms as well as potential data leak sources and risky code that retrieves data from outside domains.

The company hopes that developers will put the tool to use when coding new web-based services that rely on multiple sites and outside sources for data.

Google security engineer Michal Zalewski warned, however, that the tool should not be considered a substitute for a thorough analysis by a security professional.

"We feel it will be a valuable contribution to the information security community, helping advance the community's understanding of security challenges associated with contemporary web technologies," explained Zalewski.

"We believe that responsible security research brings a net overall benefit to the safety of the Web as a whole, and have released this tool explicitly to support that kind of research."

Users can download the tool from the Google Code site. The tool works on Windows, Linux, FreeBSD and MacOS X operating systems.

Ads by Google

Thoughts on this article? Add a comment below.

Be the first to comment on this article.

Report this comment as offensive:

* Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.

Name:

Email:

(will not be displayed)

Comment:

(HTML not permitted)

Validation

Enter the code you see below:

Most Read
Most Discussed
Latest News

Vulnerabilities & Exploits Whitepapers

Google opens RatProxy security code

SC MAGAZINE SITEMAP

CATEGORIES

News

Alerts

Products

Stats

Blogs

Photo Galleries

Whitepapers

Events

Jobs

Downloads

Vulnerabilities & Exploits

Breaches & Exposures

Messaging

Mobile

Access Control

Biometrics & Forensics

Legal

Risk Management

Job Centre

Patch Management