Google announced the release of ratproxy, a passive web application security assessment tool that they’ve been using internally at Google. This utility, developed by their information security engineering team, is designed to transparently analyse legitimate, browser-driven interactions with a tested web property and automatically pinpoint, annotate, and prioritize potential flaws or areas of concern.
The proxy analyses problems such as cross-site script inclusion threats, insufficient cross-site request forgery defences, caching issues, cross-site scripting candidates, potentially unsafe cross-domain code inclusion schemes and information leakage scenarios, and much more.
Federico Cargnelutti 