Ratproxy a web application security audit tool
Check it out... major coolness!
Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. The approach taken with ratproxy offers several important advantages over more traditional methods:
* No risk of disruptions.
* Low effort, high yield.
* Preserved control flow of human interaction.
* WYSIWYG data on script behavior.
* Easy process integration.
Is it worth trying out?
There are numerous alternative proxy tools meant to aid security auditors - most notably WebScarab, Paros, Burp, ProxMon, and Pantera. Stick with whatever suits your needs, as long as you get the data you need in the format you like.