Good news for developers tired of testing their applications' security: Google has finally decided to release Ratproxy, a passive web application security assessment tool, to the public. The software is available under the terms of the Apache 2.0 license, which basically means that the tool can be used for free.
An interesting fact about Ratproxy is that it is NOT new software. Google developers used it heavily, and probably still use it, for testing new Google applications. So why did they release it? Paraphrasing Michał Zalewski from Google: “We decided to release our tool for free, as open source, because we believe our decision will make a huge contribution to IT security”. The question remains: if they had such a good security tool, why did bloggers report over 20 security holes in Google apps last year (2007)? Is it Ratproxy's fault? I guess it is rather their programmers' fault.
There are already a few security tools like Ratproxy out there, so why release another one? Google has an excellent answer to this question; it starts with … if you don’t like it then you don’t have to use it. Further, they write that this software is designed mainly for testing Web 2.0 applications.
Ratproxy can simulate numerous different attacks I have never even heard of, so for full documentation visit Ratproxy Docs.





One Comment on "Google web application security tool"
Quite interesting, I’ve been worried about security for quite some time on my various websites.
Hopefully this will help those of us with potentially soft websites for takeover.