[Owasp-turkey] FW: [tool] ratproxy - passive web application security assessment tool

Mesut Timur mesut at h-labs.org
Thu Jul 3 05:39:37 EDT 2008


Michal Zalewski has done nice work again; I also wrote about it on the blog: http://www.h-labs.org/blog/2008/07/03/ratproxy_ve_michal_zalewski.html
-----------------------------------------------------------------------

 Date: Wed, 2 Jul 2008 02:35:24 +0200
 From: lcamtuf at dione.cc
 To: webappsec at securityfocus.com
 Subject: [tool] ratproxy - passive web application security assessment tool
 
 Hi all,
 
 I am happy to announce that we've just open sourced ratproxy - a free, passive 
 web security assessment tool. This utility is designed to transparently analyze 
 legitimate, browser-driven interactions with tested web applications - and 
 automatically pinpoint, annotate, and prioritize potential flaws or areas of 
 concern on the fly.
 
 The proxy analyzes problems such as cross-site script inclusion threats, 
 insufficient cross-site request forgery defenses, caching issues, potentially 
 unsafe cross-domain code inclusion schemes and information leakage scenarios, 
 and much more.
 
 For a detailed discussion of the utility, please visit:
 http://code.google.com/p/ratproxy/wiki/RatproxyDoc
 
 Source code is available at:
 http://code.google.com/p/ratproxy/downloads/list
 
 And finally, a screenshot of a sample report can be found here:
 http://lcamtuf.coredump.cx/ratproxy-screen.png
 
 The tool should run on Linux, *BSD, MacOS X, and Windows (Cygwin). Since it is 
 in beta, there might be some kinks to be ironed out, and not all web 
 technologies might be properly accounted for. Feedback is appreciated.
 
 Please keep in mind that the proxy is meant to highlight interesting patterns 
 in web applications; a further analysis by a security professional is required 
 to interpret the significance of results for a particular platform.
 
 Cheers,
 /mz
 
 
