Google Open-Sources Ratproxy Security Tool
David Utter Staff Writer
2008-07-03
An internally-used web application security assessment tool called ratproxy gained broader availability with Google's decision to release it publicly.
Google announced ratproxy with a distinct caveat for security pros: it's designed to highlight "interesting patterns" regarding web applications.
Having those highlights should help at a time when web application attacks take place regularly. Ratproxy looks at a variety of potential flaws in an application; the brief list of issues Google noted as examples would be daunting even if they were the only threats to websites.
"The proxy analyzes problems such as cross-site script inclusion threats, insufficient cross-site request forgery defenses, caching issues, cross-site scripting candidates, potentially unsafe cross-domain code inclusion schemes and information leakage scenarios, and much more," Google said.
A sample snapshot of ratproxy showed how it would report on a potential XSRF trouble spot. POST requests that an application could accept without a security token represent a route for attackers to take into a website.
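A passive check of the kind described above can be sketched as follows. This is an added example, not ratproxy's code or its actual heuristic; the token-name pattern, the length and entropy thresholds, and the sample requests are assumptions constructed for illustration.

```python
import math
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed naming convention for anti-XSRF fields; adjust to the application under review.
TOKEN_NAME = re.compile(r"csrf|xsrf|token|nonce", re.I)

def entropy_bits(value):
    """Total Shannon entropy of the string (bits per character times length)."""
    n = len(value)
    if n == 0:
        return 0.0
    return -sum(value.count(c) * math.log2(value.count(c) / n) for c in set(value))

def looks_like_token(name, value):
    # Named like a token AND long and varied enough to be unguessable (assumed thresholds).
    return bool(TOKEN_NAME.search(name)) and len(value) >= 16 and entropy_bits(value) >= 48

def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, target, lower-cased headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    pairs = (l.split(":", 1) for l in lines[1:] if ":" in l)
    return method, target, {k.strip().lower(): v.strip() for k, v in pairs}, body

def xsrf_candidate(raw):
    """True when a POST carries no token-like value in its query, form body or custom headers."""
    method, target, headers, body = parse_request(raw)
    if method.upper() != "POST":
        return False
    fields = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields += parse_qsl(body, keep_blank_values=True)
    # Cookies are deliberately ignored: the browser attaches them to forged requests too.
    fields += [(k, v) for k, v in headers.items() if k.startswith("x-")]
    return not any(looks_like_token(n, v) for n, v in fields)

# Constructed sample traffic (not captured from any real site).
_HEAD = ("POST /account/email HTTP/1.1\r\nHost: app.example\r\nCookie: sid=abc\r\n"
         "Content-Type: application/x-www-form-urlencoded\r\n\r\nemail=a%40b.example")
SAMPLES = {
    "no_token": _HEAD,
    "with_token": _HEAD + "&csrf_token=9f2c7a1e5b8d4c3fa6e0d1b2c4f5a7e9",
    "weak_token": _HEAD + "&csrf_token=1",
    "get": "GET /search?q=x HTTP/1.1\r\nHost: app.example\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:12} flagged={xsrf_candidate(raw)}")
```

A flagged request is only a candidate for manual review: the application may defend the endpoint by other means that this check does not see.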
Mozilla grabs world record: Over 8 million downloads of Firefox 3 in a 24-hour period proved good enough to put the Mozilla Foundation into the list of Guinness World Records.
Mozilla's Mary Colvin blogged about the achievement, noting 8,002,530 people downloaded Firefox 3.
On the security side, researchers quickly found a flaw in Firefox 3 only hours after the Download Day event began. The issue also applied to Firefox 2, which recently received several updates. Those fixes also corrected security issues in Firefox 3.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.