Information Security Short Takes: Ratproxy - Google Web Security Assessment Tool

Search shortinfosec
Most Popular Posts
Blogger of the Day
Favorite Links
Blog Archive
▼ 2009 (3)

January (3)

► 2008 (134)

December (5)

November (4)

October (3)

September (2)

August (20)

July (27)

June (25)

May (15)

April (18)

March (1)

February (4)

January (10)
Alexa Rank

Internet Security
Recent Posts
Categories
- Blog carnival (7)
- business continuity (6)
- competition (2)
- Computer security (17)
- Databases (1)
- disaster recovery (2)
- encryption (7)
- forensics (7)
- fraud (4)
- GPS (1)
- How To (22)
- Incident Management (3)
- information security (82)
- information strategy (55)
- Instant Messaging (2)
- Network security (11)
- penetration testing (15)
- Physical security (4)
- privacy (8)
- SLA (4)
- software development (13)
- Solution building (26)
- steganography (1)
- Templates (2)
- training and certification (1)
Linkreferral

Site Meter

BlogCommunities

Ratproxy - Google Web Security Assessment Tool

The Google security team has released a free, open-source Web app security assessment tool. The tool is called Ratproxy, and can be found here:

http://code.google.com/p/ratproxy/

Google describes it as a semi-automated, largely passive web application security audit tool— to automatically pinpoint, annotate, and prioritize potential flaws or areas of concern on the fly.
Ratproxy remains in Beta (like most Google's products, it may be in permanent beta :))

It is currently available as source code, and needs to be compiled before use. According to Google's information, it should successfully compile on Linux, FreeBSD, MacOS X, and Windows (with Cygwin) .

Shortinfosec will publish a review of Ratproxy use, so stay tuned

Related posts
http://www.shortinfosec.net/2008/05/truecrypt-full-disk-encryption-review.html

Talckback and comments are most welcome