With purpose to get rid of potential security defects, Google has launched a web application tool ‘Ratproxy’, as open source.

Alternatively, under an open-source license, Google has also launched ‘Browser Sync’, a product designed exclusively for maintaining multiple versions of Firefox synchronized.

In the previous month, the online leader said that it would terminate support for Browser Sync, and just recently the company open sourced the code for the product’s client software, so as to enable the developer community to carry on to utilize as well as improve it, stated Google developer Aaron Boodman. He further expressed rejoice about seeing the server ported to Google App Engine, or support for Firefox 3 implemented.

About Ratproxy:

Ratproxy is an internally written audit system, which was released in the previous week by Michal Zalewski, an esteemed security researcher hired by Google about a year ago to assist in locking down the firm’s own site. Google had used the tool to unearth problems like cross-site script inclusion threats, cross-site scripting candidates, insufficient cross-site request forgery defences, potentially unsafe cross-domain code inclusion schemes, information leakage scenarios and caching issues, as per Zalewski.

Moreover, he stated that the proxy functions passively by analyzing existing, user-initiated traffic, along with being tuned particularly for complex Web 2.0 environments. The company decided to make this tool accessible for free as open source because it believes that it will act as a valuable contribution to the information security community, thereby advancing the community’s understanding of security challenges syndicated with modern web technologies.

Zalewski said that Ratproxy is planned to complement active crawlers as well as manual proxies, along with other passive proxies. Also, he said that the primary benefit of Ratproxy is that it focuses on Web 2.0 applications, and drawing on Google’s experience with such applications. For example, it provides several advanced and unique checks, content-sniffing functions with ability to distinguish between stylesheets and Javascript code snippets,  and is also capable of considering particular browser-related quirks and content-handling oddities, as per Zalewski’s documentation for Ratproxy. Finally, he continued that the proxy can be utilized in a chain with third party security testing proxies.

Google under scanner:

In the past recent months, Google has been increasingly pressurized to tighten its security strategy. In fact, in the previous month, StopBadware.org, a website sponsored by Google, noticed that the search leader itself was one of the top five networks to host malicious web pages, largely because of its popularity among attackers of Google-owned networks like Blogger. The other four, out of the top-five networks, were based in China.

Just recently Google admitted that the number of drive-by download sites featuring in its typical search results has significantly risen over the last year.