Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement the active crawlers and manual proxies more commonly used for this task, and is optimized specifically for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.
For downloads and more information,
visit the ratproxy homepage.
My team used this for quite some time, and compared to generic infrastructure VA tools like Nessus and Foundstone, we found the value in using a specialized Web VA tool. It found more and specific issues with precise recommendations to fix those. I recommend it based on my experience. I haven't explored the IBM and HP counterparts yet... I understand that they are relatively costlier.
How can I integrate RATPROXY with SQUID or any other proxy server?