[Owasp-turkey] FW: [tool] ratproxy - passive web application security assessment tool

Mesut Timur mesut at h-labs.org
Thu Jul 3 05:39:37 EDT 2008

Michal Zalewski has done great work again; I also wrote about it on the blog: http://www.h-labs.org/blog/2008/07/03/ratproxy_ve_michal_zalewski.html

 Date: Wed, 2 Jul 2008 02:35:24 +0200
 From: lcamtuf at dione.cc
 To: webappsec at securityfocus.com
 Subject: [tool] ratproxy - passive web application security assessment tool

 Hi all,

 I am happy to announce that we've just open sourced ratproxy - a free, passive 
 web security assessment tool. This utility is designed to transparently analyze 
 legitimate, browser-driven interactions with tested web applications - and 
 automatically pinpoint, annotate, and prioritize potential flaws or areas of 
 concern on the fly.

 The proxy analyzes problems such as cross-site script inclusion threats, 
 insufficient cross-site request forgery defenses, caching issues, potentially 
 unsafe cross-domain code inclusion schemes and information leakage scenarios, 
 and much more.

 For a detailed discussion of the utility, please visit:

 Source code is available at:

 And finally, screenshot of a sample report can be found here:

 The tool should run on Linux, *BSD, MacOS X, and Windows (Cygwin). Since it is 
 in beta, there might be some kinks to be ironed out, and not all web 
 technologies might be properly accounted for. Feedback is appreciated.

 Please keep in mind that the proxy is meant to highlight interesting patterns 
 in web applications; a further analysis by a security professional is required 
 to interpret the significance of results for a particular platform.
