A semi-automated, largely passive web application security audit tool,
optimized for accurate and sensitive detection, and automatic
annotation, of potential problems and security-relevant design
patterns based on the observation of existing, user-initiated traffic
in complex Web 2.0 environments.
It detects and prioritizes broad classes of security
problems, such as dynamic cross-site trust model considerations,
script inclusion issues, content serving problems, insufficient XSRF
and XSS defenses, and much more.

ratproxy - passive web application security assessment tool
* Written and maintained by Michal Zalewski <firstname.lastname@example.org>.
* Copyright 2007, 2008 Google Inc, rights reserved.
* Released under terms and conditions of the Apache Licens

- Multiple report-related improvements:
  - Proper CSS classes instead of current inline mess,
  - Add better issue filtering capabilities based on host / path,
  - Make it possible to edit target URLs in forms.
- Machine-readable output improvements: use

Version 2.0, January 2004
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.