
Google Gives Away Web App Security Tool

timothy posted more than 5 years ago | from the to-whom-it-may-concern dept.


CWmike writes "Google has released for free one of its internal tools used for testing the security of Web-based applications. Ratproxy, released under an Apache 2.0 software license, looks for a variety of coding problems in Web applications. A 2006 survey by the Web Application Security Consortium found that 85.57 percent of 31,373 sites were vulnerable to cross-site scripting attacks, 26.38 percent were vulnerable to SQL injection and 15.70 percent had other faults that could lead to data loss."


30 comments

frosty piss (-1, Troll)

Anonymous Coward | more than 5 years ago | (#24051819)

munch my asshole.

first post! (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#24051885)

first post!

Re:first post! (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#24052031)

You're 4 minutes too late, douchebag.

Proving once again... (1)

Enderandrew (866215) | more than 5 years ago | (#24051895)

...despite all the haters, that Google certainly isn't evil.

Thanks!

Re:Proving once again... (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#24051909)

fuck the h8rs, yo

Re:Proving once again... (1, Informative)

Anonymous Coward | more than 5 years ago | (#24052111)

Or just proving that there's a lot of developers at Google that aren't evil.
A corporation exists for the benefit of its shareholders. As long as the shareholders' interests are honorable, the company will stay that way. When shareholder interest moves focus to maximizing profit, "Do no evil" becomes a nice catchphrase.

Everything is evil, just watch me if I had the same opportunity...

Re:Proving once again... (0)

Anonymous Coward | more than 5 years ago | (#24052671)

...despite all the haters, that Google certainly isn't evil.

As many people sitting in Chinese prisons can certainly attest to.

"DUNT BE TEH EVEL, UNLES IT OOTSIDE TEH US OF TEH A!!!11!!"

Re:Proving once again... (0)

Anonymous Coward | more than 5 years ago | (#24052691)

Sounds like a group of lolcats...

Re:Proving once again... (0)

Anonymous Coward | more than 5 years ago | (#24053047)

maybe we should send them some cheezburgers

Re:Proving once again... (1)

RiotingPacifist (1228016) | more than 5 years ago | (#24056155)

Do Google pass on failed search attempts? I thought that they simply blocked certain keywords completely, meaning that people searching for that stuff are probably safer than if they found the results.

Re:Proving once again... (0)

Anonymous Coward | more than 5 years ago | (#24054039)

How many of the *haters* are really other corporations in disguise paying people to say shit about Google? It's not like munchkins haven't been around before.

First post! (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#24051955)

First post!

Re:First post! (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#24051989)

Next time press "get more comments" before replying...

Re:First post! (-1, Troll)

Anonymous Coward | more than 5 years ago | (#24052803)

Hey, thanks for munching my ass!

-- the guy who got first post, 10 minutes before you.

Works great (5, Informative)

tcopeland (32225) | more than 5 years ago | (#24052087)

Just run it with "-xX" and see what it finds in terms of XSS vulnerabilities... I used it this afternoon on an app and found a bunch of stuff. Some problems were tricky, other problems were simple ones of the "alert('hi')" variety. And it's in C so it's fast enough to browse through without being annoying. RatProxy + FireBug make a great combo. Thanks Google!

Re:Works great (4, Funny)

VGPowerlord (621254) | more than 5 years ago | (#24052513)

If you run it with -xXx, it'll find any pornographic images on your site.

Re:Works great (0)

Anonymous Coward | more than 5 years ago | (#24052829)

And crappy action movies.

Oooh, goody goody... (5, Funny)

T3Tech (1306739) | more than 5 years ago | (#24053613)

a new toy to play with.

In other news, Viacom has petitioned the court for Google's logs of users who downloaded their ratproxy tool after it was used to reveal vulnerabilities on certain Viacom owned web sites.

I hate it when I have to RTFA (3, Interesting)

museumpeace (735109) | more than 5 years ago | (#24054167)

Google has a tool; Web Application Security Consortium have discovered a problem with a large portion of sites. Are these two facts related? Does the Google tool detect the named problems?

Script Kiddie Time! (1)

Cynic.AU (1205120) | more than 5 years ago | (#24055547)

Awesome, now I'm going to run around with my 1337 new tool, finding vulnerabilities in every website I can find on the internet. Then I'm going to post obnoxious defacement messages, pretending to be a Turkish hacker... :p

Windows version (1)

Espectr0 (577637) | more than 5 years ago | (#24057529)

Is there a Windows build somewhere for those of us forced to use Windows at work?

Re:Windows version (0)

Anonymous Coward | more than 5 years ago | (#24061745)

Is there a Windows build somewhere for those of us forced to use Windows at work?

Dude, it's a security tool. Windows users need not apply!