Google Releases App Security Assessment Tool To Open Source

Google has released the code to its Ratproxy application security assessment tool to the open-source community, giving developers a new way to inspect their Web apps.Ratproxy works in the background to detect and prioritize broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses, according to Google's Web site, where the code is available for free download. Ratproxy works in Linux, FreeBSD, MacOS X and Windows Unix emulator Cygwin environments.

By placing Ratproxy under the Apache 2.0 license, bloggers on ZDnet say the tool has the potential to become a standard feature in Web hosting systems and enterprise stacks. "This can quickly be adapted, and improved, by commercial providers and by enterprises frightened of the GPL?s code-sharing requirements," they said.InformationWeek