Sunday, June 15, 2008

Meet ratproxy, our passive web security assessment tool

We're happy to announce that we've just open-sourced ratproxy, a passive web application security assessment tool that we've been using internally at Google. This utility, developed by our information security engineering team, is designed to transparently analyze legitimate, browser-driven interactions with a tested web property and automatically pinpoint, annotate, and prioritize potential flaws or areas of concern.

The proxy analyzes problems such as cross-site script inclusion threats, insufficient cross-site request forgery defenses, caching issues, cross-site scripting candidates, potentially unsafe cross-domain code inclusion schemes and information leakage scenarios, and much more. (A more-detailed discussion of these features and information on securing vulnerable applications is provided here.) Compared with more-traditional active crawlers, or with fully manual request inspection and modification frameworks, this approach offers several important advantages in terms of minimized overhead; marginalized risk of site disruptions; high coverage of complex, client-driven application states in web 2.0 solutions; and insight into dynamic cross-domain

We decided to make this tool freely available as open source because we feel it will be a valuable contribution to the information security community, helping advance the community's understanding of security challenges associated with contemporary web technologies. We believe that responsible security research brings a net overall benefit to the safety of the Web as a whole, and have released this tool explicitly to support that kind of research.

To download the proxy, please visit this page. Also, please keep in mind that the proxy is designed solely to highlight interesting patterns in web applications, and a further analysis by a security professional is often required to interpret the results and their significance for the tested platform.
