http://www.vnunet.com/vnunet/news/2220583/google-releases-web-app
By Shaun Nichols in San Francisco
vnunet.com
02 July 2008
Google has released the source code for a security tool it uses
internally.
The RatProxy software analyzes web pages for potential security risks
and reports them back to the site administrator.
Among the vulnerabilities RatProxy is able to test for are cross-site
scripting flaws and incomplete cross-site defense mechanisms as well as
potential data leak sources and risky code that retrieves data from
outside domains.
The company hopes that developers will put the tool to use when coding
new web-based services that rely on multiple sites and outside sources
for data. Google security engineer Michal Zalewski warned, however, that
the tool should not be considered a substitute for a thorough analysis
by a security professional.
"We feel it will be a valuable contribution to the information security
community, helping advance the community's understanding of security
challenges associated with contemporary web technologies," explained
Zalewski.
"We believe that responsible security research brings a net overall
benefit to the safety of the Web as a whole, and have released this tool
explicitly to support that kind of research."
Users can download the tool from the Google Code site. The tool works on
Windows, Linux, FreeBSD and MacOS X operating systems.
Received on Thu Jul 3 03:41:22 2008