Linux-Tip News

We are proud to present Linux-Tip Europe. This page is designed to provide the Linux user community (not only in Europe) with news and articles that are of interest to it. Members of the community submit news and articles relating to Linux hardware and software. The same community then decides which tips should be promoted, based on what it considers most important or interesting, by voting stories up and down. Stories that receive enough votes are promoted to the Linux-Tip Europe homepage.
Tip: Testing Web application security using Google's ratproxy
Friday, 12 September 2008

To help developers audit Web application security, Google has released an open source tool called ratproxy. It is a non-disruptive tool designed for Web 2.0 and AJAX applications that produces an easy-to-read report of potential exploits.

Ratproxy is a local program designed to sit between your Web browser and the application you want to test. It logs outgoing requests and responses from the application, and can generate its own modified transactions to determine how an application responds to common attacks.

The list of low-level tests it runs is extensive, and includes:

  • potentially unsafe JSON-like responses
  • bad caching headers on sensitive content
  • suspicious cross-domain trust relationships
  • queries with insufficient XSRF defenses
  • suspected or confirmed XSS and data injection vectors

Read more at Linux.com
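
A simplified illustration of the passive side of such an audit, added here as an example (it is not ratproxy's code and does not reproduce its actual heuristics): three of the checks listed above applied to constructed request/response records. The record layout, the `audit` function and the token pattern are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl

# Constructed transactions (not captured traffic); field names are this example's own.
SAMPLE = [
    {"id": "t1", "method": "GET", "url": "https://app.example/account", "body": "",
     "resp_headers": {"Content-Type": "text/html", "Set-Cookie": "sid=c29tZXNlc3Npb24x"},
     "resp_body": "<html>account</html>"},
    {"id": "t2", "method": "GET", "url": "https://app.example/api/contacts", "body": "",
     "resp_headers": {"Content-Type": "text/html", "Cache-Control": "no-store"},
     "resp_body": '[{"name": "alice"}]'},
    {"id": "t3", "method": "POST", "url": "https://app.example/transfer",
     "body": "to=bob&amount=10",
     "resp_headers": {"Content-Type": "text/html", "Cache-Control": "no-store"},
     "resp_body": "<html>ok</html>"},
    {"id": "t4", "method": "POST", "url": "https://app.example/transfer",
     "body": "to=bob&amount=10&csrf=9f8e7d6c5b4a39281706f5e4d3c2b1a0",
     "resp_headers": {"Content-Type": "application/json", "Cache-Control": "private",
                      "Set-Cookie": "sid=c29tZXNlc3Npb24x"},
     "resp_body": '{"status": "ok"}'},
]

TOKEN_LIKE = re.compile(r"^[A-Za-z0-9+/=_-]{16,}$")  # long, opaque-looking parameter value

def audit(tx):
    """Return the list of findings for one request/response pair."""
    h = {k.lower(): v.lower() for k, v in tx["resp_headers"].items()}
    findings = []
    # Response sets a cookie but nothing stops a shared cache from storing it.
    cache = h.get("cache-control", "")
    if "set-cookie" in h and not any(d in cache for d in ("no-store", "no-cache", "private")):
        findings.append("bad caching headers on sensitive content")
    # Body starts like JSON but is not declared as application/json.
    json_like = tx["resp_body"].lstrip()[:1] in ("[", "{")
    if json_like and not h.get("content-type", "").startswith("application/json"):
        findings.append("potentially unsafe JSON-like response")
    # State-changing request carries no parameter that looks like an unpredictable token.
    if tx["method"] == "POST" and not any(TOKEN_LIKE.match(v) for _, v in parse_qsl(tx["body"])):
        findings.append("query with insufficient XSRF defenses")
    return findings

def audit_all(transactions):
    """Map each transaction id to its findings (empty list means nothing flagged)."""
    return {tx["id"]: audit(tx) for tx in transactions}

if __name__ == "__main__":
    for tx_id, findings in audit_all(SAMPLE).items():
        print(tx_id, findings or "ok")
```

Findings from heuristics like these are leads for manual review, not confirmed vulnerabilities.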
