Google has made Ratproxy, a tool used for testing the security of web-based applications, available for free.
Released under an Apache 2.0 software licence, Google's internal tool looks for a variety of coding problems in web applications, such as errors that could allow a cross-site scripting attack or cause caching problems.
"We decided to make this tool freely available as open source because we feel it will be a valuable contribution to the information security community, helping advance the community's understanding of security challenges associated with contemporary web technologies," said Google's Michal Zalewski in a company blog.
Ratproxy, released as version 1.51 beta, is quick-and-less intrusive, than other scanners in that it is passive and does not generate a high volume of attack-simulating traffic when running, Zalewski said. Active scanners can cause problems with application performance.
The tool sniffs content and can pick out snippets of JavaScript from stylesheets. It also supports Secure Socket Layer (SSL) scanning, among other features.
Since it runs in a passive mode, Ratproxy highlights areas of concern that "are not necessarily indicative of actual security flaws".
"The information gathered during a testing session should be then interpreted by a security professional with a good understanding of the common problems and security models employed in web applications," Zalewski added.
Code licensed under the Apache 2.0 licence may be incorporated in derivative works, including commercial ones, but the origin of the code must be acknowledged.
A 2006 survey by the Web Application Security Consortium found that almost 86 percent of 31,373 sites were vulnerable to cross-site scripting attacks, 26 percent were vulnerable to SQL injection and 16 percent had other faults that could lead to data loss.
As a result, security vendors have moved to fill the need for better security tools, with large technology companies acquiring smaller, specialised companies in the field.
In June 2007, IBM bought Watchfire, a company that focused on web application vulnerability scanning, data protection and compliance auditing. Two weeks later, HP said it would buy SPI Dynamics, a rival of Watchfire whose software also looks for vulnerabilities in web applications as well as performing compliance audits.
Saturday, July 5, 2008
ACA Will Summon Musa, Gani
BANGI, July 5 (Bernama) -- The Anti-Corruption Agency will summon Inspector-General of Police Tan Sri Musa Hassan and Attorney General Tan Sri Abdul Gani Patail to answer allegations over Datuk Seri Anwar Ibrahim's black-eye incident 10 years ago.
ACA Director-General Datuk Seri Ahmad Said Hamdan said the agency would conduct the investigation according to the law and in a transparent and professional manner regardless of Musa and Gani's status.
"The ACA has listed out 10 names including Musa, Gani and several other high-ranking individuals mentioned in Anwar's report to assist in the probe," he told reporters here Saturday.
Anwar alleged that Musa and Gani had fabricated some evidence in the investigation into the 1998 incident where he was beaten by Tan Sri Abdul Rahim Noor who was then Inspector-General of Police.
Said said the ACA would summon Musa and Gani when all the relevant papers were ready.
"We will investigate all those involved from various angles. Hence, we need a bit of time as the investigation requires a fair and professional study," he added.
ACA Director-General Datuk Seri Ahmad Said Hamdan said the agency would conduct the investigation according to the law and in a transparent and professional manner regardless of Musa and Gani's status.
"The ACA has listed out 10 names including Musa, Gani and several other high-ranking individuals mentioned in Anwar's report to assist in the probe," he told reporters here Saturday.
Anwar alleged that Musa and Gani had fabricated some evidence in the investigation into the 1998 incident where he was beaten by Tan Sri Abdul Rahim Noor who was then Inspector-General of Police.
Said said the ACA would summon Musa and Gani when all the relevant papers were ready.
"We will investigate all those involved from various angles. Hence, we need a bit of time as the investigation requires a fair and professional study," he added.
Wednesday, July 2, 2008
Infernal War Crisis
MP Seeks To Have Dr M Appear In Court For Explanation Over 1988 Judicial Crisis
KUALA LUMPUR, July 2 (Bernama) -- A member of parliament Wednesday suggested that former prime minister Tun Dr Mahathir Mohamad be given the opportunity to appear in court to explain the allegations hurled at him over the 1988 judicial crisis.
Datuk Abdul Ghapur Salleh (BN-Kalabakan) said this would help resolve the issue and end the arguments between Dr Mahathir and the government on the matter.
"Why don't we bring Tun Dr Mahathir to court to give an explanation? I feel he would be willing to appear in court so that he can personally explain his problem with regard to the judiciary, whether there was abuse of power or otherwise," he said during the debate on the motion on the mid-term review of the Ninth Malaysia Plan in the Dewan Rakyat, here.
Abdul Ghapur suggested that Minister in the Prime Minister's Department Senator Datuk Mohd Zaid Ibrahim raise the matter in the Cabinet.
"It is not good for a person who has served (the nation) for 22 years to be subjected to all kinds of accusations. I believe Tun Dr Mahathir will be willing to appear in court because he wants to clear his name. Perhaps, he may have some evidence which cannot be exposed and can only be revealed in court," he said.
Earlier, Abdul Ghapur, known for speaking out in parliament, questioned the rationale of the government adding on a RM30 billion allocation for the Ninth Malaysia Plan when no new projects were recommended.
He said that based on the mid-term review of the ninth plan tabled by Prime Minister and Finance Minister Datuk Seri Abdullah Ahmad Badawi last week, no details were given on new projects or why the supplementary allocation was made.
As such, he said, his understanding was that the supplementary allocation was to meet additional costs of contracts for old development projects agreed to by the government following the rise in the market prices of fuel and goods.
-BERNAMA-
KUALA LUMPUR, July 2 (Bernama) -- A member of parliament Wednesday suggested that former prime minister Tun Dr Mahathir Mohamad be given the opportunity to appear in court to explain the allegations hurled at him over the 1988 judicial crisis.
Datuk Abdul Ghapur Salleh (BN-Kalabakan) said this would help resolve the issue and end the arguments between Dr Mahathir and the government on the matter.
"Why don't we bring Tun Dr Mahathir to court to give an explanation? I feel he would be willing to appear in court so that he can personally explain his problem with regard to the judiciary, whether there was abuse of power or otherwise," he said during the debate on the motion on the mid-term review of the Ninth Malaysia Plan in the Dewan Rakyat, here.
Abdul Ghapur suggested that Minister in the Prime Minister's Department Senator Datuk Mohd Zaid Ibrahim raise the matter in the Cabinet.
"It is not good for a person who has served (the nation) for 22 years to be subjected to all kinds of accusations. I believe Tun Dr Mahathir will be willing to appear in court because he wants to clear his name. Perhaps, he may have some evidence which cannot be exposed and can only be revealed in court," he said.
Earlier, Abdul Ghapur, known for speaking out in parliament, questioned the rationale of the government adding on a RM30 billion allocation for the Ninth Malaysia Plan when no new projects were recommended.
He said that based on the mid-term review of the ninth plan tabled by Prime Minister and Finance Minister Datuk Seri Abdullah Ahmad Badawi last week, no details were given on new projects or why the supplementary allocation was made.
As such, he said, his understanding was that the supplementary allocation was to meet additional costs of contracts for old development projects agreed to by the government following the rise in the market prices of fuel and goods.
-BERNAMA-
Subscribe to:
Posts (Atom)