[ISN] Google open sources RatProxy security tool

From: InfoSec News <alerts_at_private>
Date: Thu, 3 Jul 2008 03:41:22 -0500 (CDT)

By Shaun Nichols in San Francisco
02 July 2008

Google has released the source code for a security tool it uses 

The RatProxy software analyzes web pages for potential security risks 
and reports them back to the site administrator.

Among the vulnerabilities RatProxy is able to test for are cross-site 
scripting flaws and incomplete cross-site defense mechanisms as well as 
potential data leak sources and risky code that retrieves data from 
outside domains.

The company hopes that developers will put the tool to use when coding 
new web-based services that rely on multiple sites and outside sources 
for data. Google security engineer Michal Zalewski warned, however, that 
the tool should not be considered a substitute for a thorough analysis 
by a security professional.

"We feel it will be a valuable contribution to the information security 
community, helping advance the community's understanding of security 
challenges associated with contemporary web technologies," explained 

"We believe that responsible security research brings a net overall 
benefit to the safety of the Web as a whole, and have released this tool 
explicitly to support that kind of research."

Users can download the tool from the Google Code site. The tool works on 
Windows, Linux, FreeBSD and MacOS X operating systems.

Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com
Received on Thu Jul 03 2008 - 01:41:22 PDT

This archive was generated by hypermail 2.2.0 : Thu Jul 03 2008 - 01:58:37 PDT