"Google has released for free one of its internal tools used for testing the security of Web-based applications.
Ratproxy, released [as beta] under an Apache 2.0 software license, looks for a variety of coding problems in Web applications, such as errors that could allow a cross-site scripting attack or cause caching problems. ....."
http://www.pcworld.com/article/147917/google_gives_away_free_web_application_security_scanner.html
And Google Online Security Blog's entry: http://googleonlinesecurity.blogspot.com/2008/07/meet-ratproxy-our-passive-web-security.html
The tool: http://code.google.com/p/ratproxy
The documentation is here: http://code.google.com/p/ratproxy/wiki/RatproxyDoc
One of the things it says is: "Key low-level check groups implemented by ratproxy [include] subtle mistakes such as serving GIF files as image/jpeg"
Yet Philipp found YouTube serving animated GIFs as JPGs here: http://blogoscoped.com/archive/2008-07-01-n65.html
So maybe YouTube hasn't started using this tool yet.
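The kind of mismatch quoted above (a GIF body served as image/jpeg) can be checked by comparing the declared Content-Type against the file's leading bytes. The sketch below is an added example, not ratproxy's code and not part of the original comments; the function names, URLs and sample responses are constructed for illustration.

```python
# Added illustration: compare a response's declared Content-Type with the
# image format implied by its leading bytes. Not ratproxy's implementation.

# Leading-byte signatures for common image formats.
SIGNATURES = [
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
]

def sniff_image_type(body):
    """Return the MIME type implied by the body's magic bytes, or None."""
    for magic, mime in SIGNATURES:
        if body.startswith(magic):
            return mime
    return None

def declared_type(header_value):
    """Normalise a Content-Type header: drop parameters, lowercase."""
    if not header_value:
        return None
    mime = header_value.split(";", 1)[0].strip().lower()
    return "image/jpeg" if mime in ("image/jpg", "image/pjpeg") else mime

def check_response(url, content_type, body):
    """Return a finding string on mismatch, else None."""
    declared = declared_type(content_type)
    actual = sniff_image_type(body)
    if actual is None:
        return None  # not a recognised image; out of scope for this check
    if declared is None:
        return f"{url}: {actual} body served with no Content-Type"
    if declared != actual:
        return f"{url}: declared {declared} but body is {actual}"
    return None

# Constructed sample responses: (URL, Content-Type header, first body bytes).
SAMPLES = [
    ("http://example.test/a.jpg", "image/jpeg", b"GIF89a\x01\x00\x01\x00"),
    ("http://example.test/b.jpg", "image/jpeg; charset=binary", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("http://example.test/c.png", None, b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("http://example.test/d.txt", "text/plain", b"hello"),
]

def run(samples=SAMPLES):
    """Return the list of findings for the given samples."""
    return [f for f in (check_response(*s) for s in samples) if f]

if __name__ == "__main__":
    for finding in run():
        print(finding)
```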