Google ratproxy

Anybody using this? Any DH issues with using this?

"A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.

Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses, and much more."

Ask Support. This would be interesting to find out.


“Haven’t heard of anyone using it, but it sounds like something we’d really not have running on shared servers. If you did run it and it caused problems, we’d likely have to disable whatever user it was running under. I’d save stuff like this for a dedicated server ;-)”

I failed to mention that I was only going to run it against my site, but that probably wouldn’t make much of a difference with regard to the shared server issue.

Have you tried to do a security audit? What did you use?

No, sorry, I haven’t done a security audit.