Posted by niklp on August 11, 2008 at 4:39pm
Submitted for perusal by the group, as passed to me by a fellow developer.
"[Google ratproxy is a] semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.
Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses, and much more. "
http://www.linux.com/feature/142675
http://code.google.com/p/ratproxy/