Computing Tips: Google gives away free Web application security scanner

Google has released for free one of its internal tools used for testing the security of web-based applications.

Ratproxy, released under an Apache 2.0 software license, looks for a variety of coding problems in web applications, such as errors that could allow a cross-site scripting attack or cause caching problems.

“We decided to make this tool freely available as open source because we feel it will be a valuable contribution to the information security community, helping advance the community’s understanding of security challenges associated with contemporary web technologies,” wrote Google’s Michal Zalewski on a company security blog.

Ratproxy — released as version 1.51 beta — is quick and less intrusive than other scanners in that it is passive and does not generate a high volume of attack-simulating traffic when running, Zalewski wrote. Active scanners can cause problems with application performance.

The tool sniffs content and can pick out snippets of JavaScript from style sheets. It also supports SSL (Secure Socket Layer) scanning, among other features.

Read more …

What is Ratproxy?

Click here to see more Computing Tips from the AmCham Webmaster.

Click the logos below to download Firefox, Internet Explorer, or Safari for Windows XP, Vista, or Mac.

Firefox 2Windows Internet Explorer 7

Safari 3 for Windows PC and Mac