Google Gives Away Web App Security Tool 30
CWmike writes "Google has released for free one of its internal tools used for testing the security of Web-based applications. Ratproxy, released under an Apache 2.0 software license, looks for a variety of coding problems in Web applications. A 2006 survey by the Web Application Security Consortium found that 85.57 percent of 31,373 sites were vulnerable to cross-site scripting attacks, 26.38 percent were vulnerable to SQL injection and 15.70 percent had other faults that could lead to data loss."
Works great (Score:5, Informative)
Just run it with "-xX" and see what it finds in terms of XSS vulnerabilities... I used it this afternoon on an app and found a bunch of stuff. Some problems were tricky, other problems were simple ones of the "alert('hi')" variety. And it's in C so it's fast enough to browse through without being annoying. RatProxy + FireBug make a great combo. Thanks Google!
Re:Proving once again... (Score:1, Informative)
Or just proving that there's a lot of developers at Google that aren't evil.
A corporation exists for the benefit of it's shareholders. As long as the shareholders interests are honorable, the company will stay that way. When Shareholder interest moves focus to maximizing profit "Do no evil" becomes a nice catchphrase.
Everything is evil, just watch me if I had the same opportunity...
win32 compile (Score:1, Informative)
dont trust random executables from the internet
http://www.sendspace.com/file/hiwcs7 [sendspace.com] (needs cygwin)
Documentation (Score:4, Informative)
Re:Windows version (Score:3, Informative)