Google is continuing its incursion into the security world with the release of its passive Web application security assessment tool, Ratproxy. The tool differs from most other Web application security tools in that it does not actively crawl applications looking for common security problems. Instead, it passively monitors the interactions between a browser and Web applications, and it is specifically designed to look for problems with Web 2.0 apps. The implied advantage of this approach is that Ratproxy can be launched against production systems without having to worry about it crashing the applications with too much traffic. Google's documentation for the proxy, which is being released as an open source application, has more detail.
The proxy is designed to support Windows, Linux, FreeBSD and Mac environments.