Google Gives Away Web App Security Tool 30

Posted by timothy on Thursday July 03, 2008 @05:22PM from the to-whom-it-may-concern dept.

CWmike writes "Google has released for free one of its internal tools used for testing the security of Web-based applications. Ratproxy, released under an Apache 2.0 software license, looks for a variety of coding problems in Web applications. A 2006 survey by the Web Application Security Consortium found that 85.57 percent of 31,373 sites were vulnerable to cross-site scripting attacks, 26.38 percent were vulnerable to SQL injection and 15.70 percent had other faults that could lead to data loss."

Google Gives Away Web App Security Tool

This discussion has been archived. No new comments can be posted.

Load All Comments

Search 30 Comments Log In/Create an Account

Comments Filter:

Proving once again... (Score:2)

by Enderandrew ( 866215 ) writes:

...despite all the haters, that Google certainly isn't evil.
Thanks!
- Re: (Score:1, Informative)
  
  by Anonymous Coward writes:
  
  Or just proving that there's a lot of developers at Google that aren't evil.
  A corporation exists for the benefit of it's shareholders. As long as the shareholders interests are honorable, the company will stay that way. When Shareholder interest moves focus to maximizing profit "Do no evil" becomes a nice catchphrase.
  Everything is evil, just watch me if I had the same opportunity...
- Re: (Score:1)
  
  by Sta7ic ( 819090 ) writes:
  
  Surrre. What were they using it for before they released it?
- - Re: (Score:2)
    
    by RiotingPacifist ( 1228016 ) writes:
    
    DO google pass on failed search attempts? I thought that they simply blocked certain keywords completely meaning that people searching for that stuff are probably safer than if they found the results.
Works great (Score:5, Informative)

by tcopeland ( 32225 ) writes: <tom@NoSPaM.thomasleecopeland.com> on Thursday July 03, 2008 @05:47PM (#24052087) Homepage

Just run it with "-xX" and see what it finds in terms of XSS vulnerabilities... I used it this afternoon on an app and found a bunch of stuff. Some problems were tricky, other problems were simple ones of the "alert('hi')" variety. And it's in C so it's fast enough to browse through without being annoying. RatProxy + FireBug make a great combo. Thanks Google!

- Re:Works great (Score:5, Funny)
  
  by VGPowerlord ( 621254 ) writes: on Thursday July 03, 2008 @06:24PM (#24052513)
  
  If you run it with -xXx, it'll find any pornographic images on your site.
  
  - Re: (Score:3, Funny)
    
    by Ynot_82 ( 1023749 ) writes:
    
    and 4x's gives you free beer
  - Re: (Score:2)
    
    by CMonk ( 20789 ) writes:
    
    I got a buffer overflow on my site.
  - Re: (Score:2)
    
    by agendi ( 684385 ) writes:
    
    Or Vin Diesel.
win32 compile (Score:1, Informative)

by Anonymous Coward writes:

dont trust random executables from the internet
http://www.sendspace.com/file/hiwcs7 [sendspace.com] (needs cygwin)
Oooh, goody goody... (Score:5, Funny)

by T3Tech ( 1306739 ) writes: <tj@@@t3technet...com> on Thursday July 03, 2008 @08:09PM (#24053613) Homepage

a new toy to play with.

In other news, Viacom has petitioned the court for Google's logs of users who downloaded their ratproxy tool after it was used to reveal vulnerabilities on certain Viacom owned web sites.

I hate it when I have to RTFA (Score:4, Interesting)

by museumpeace ( 735109 ) writes: on Thursday July 03, 2008 @09:19PM (#24054167) Journal

Google has a tool, Web Application Security Consortium have discovered a problem with large portion of sites. Are these two facts related? does the Google tool detect the named problems?

Script Kiddie Time! (Score:1)

by Cynic.AU ( 1205120 ) writes:

Awesome, now I'm going to run around with my 1337 new tool, finding vulnerabilities in every website I can find on the internet. Then I'm going to post obnoxious defacement messages, pretending to be a Turkish hacker... :p
Documentation (Score:4, Informative)

by Kolargol00 ( 1177651 ) writes: on Friday July 04, 2008 @01:57AM (#24055815)

The documentation is here [google.com].

Windows version (Score:2)

by Espectr0 ( 577637 ) writes:

Is there a windows build somewhere for those of us forced to use windows at work?
- Re: (Score:3, Informative)
  
  by allcar ( 1111567 ) writes:
  
  Some people report success building and running this under Cygwin.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Google Gives Away Web App Security Tool 30

Google Gives Away Web App Security Tool More Login

Google Gives Away Web App Security Tool

Proving once again... (Score:2)

Re: (Score:1, Informative)

Re: (Score:1)

Re: (Score:2)

Works great (Score:5, Informative)

Re:Works great (Score:5, Funny)

Re: (Score:3, Funny)

Re: (Score:2)

Re: (Score:2)

win32 compile (Score:1, Informative)

Oooh, goody goody... (Score:5, Funny)

I hate it when I have to RTFA (Score:4, Interesting)

Script Kiddie Time! (Score:1)

Documentation (Score:4, Informative)

Windows version (Score:2)

Re: (Score:3, Informative)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot