ratproxy: A Web Application Security Audit Tool

On 2008-07-03, in Notes, by David

ratproxy

An open-source web application security audit tool released on Google Code by Michal Zalewski; the copyright belongs to Google.

A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.

 

Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses, and much more.

The tool currently supports Linux, FreeBSD, MacOS X, and Windows (Cygwin). Documentation link: ratproxy detailed documentation.
For a sample report, see the full post:

ratproxy-screen
