Google Released Chrome-based Web Security Scrutinizer
June 22, 2011 by Rob Nijkamp

Google released an open-source tool called DOM Snitch that tries to flag Web site software that would be dangerous to run in a browser. The software is an experimental Chrome extension that examines how Web site code executes to see if commands could lead to cross-site scripting or other attacks used to deliver malware to computers via a Web browser.



DOM Snitch "enables developers and testers to identify insecure practices commonly found in client-side code," said Google security test engineer Radoslav Vasilev in a blog post. He elaborated:

"To do this, we have adopted several approaches to intercepting JavaScript calls to key and potentially dangerous browser infrastructure such as document.write or HTMLElement.innerHTML (among others). Once a JavaScript call has been intercepted, DOM Snitch records the document URL and a complete stack trace that will help assess if the intercepted call can lead to cross-site scripting, mixed content, insecure modifications to the same-origin policy for DOM access, or other client-side issues."
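The interception approach described in the quote, as an added JavaScript example (not DOM Snitch's own code). The helper names `record`, `hookMethod`, `hookSetter` and `demo`, the fake document and element, and the `app.example` URL are assumptions constructed so the block runs under Node without a browser.

```javascript
// Added illustration (not DOM Snitch source): log every use of a DOM sink
// together with the document URL and a stack trace, then call the original.
const findings = [];

function record(sink, value, url) {
  findings.push({ sink, value: String(value), url, stack: new Error().stack });
}

// Method sinks, e.g. document.write.
function hookMethod(obj, name, getUrl) {
  const original = obj[name];
  obj[name] = function (...args) {
    record(name, args.join(''), getUrl());
    return original.apply(this, args);
  };
}

// Property sinks, e.g. innerHTML, which is an accessor on a prototype.
function hookSetter(proto, name, getUrl) {
  const desc = Object.getOwnPropertyDescriptor(proto, name);
  Object.defineProperty(proto, name, {
    ...desc,
    set(value) {
      record(name, value, getUrl());
      desc.set.call(this, value);
    },
  });
}

// Constructed stand-ins so the example runs outside a browser. In a page the
// targets would be `document` and `Element.prototype`.
function demo() {
  class FakeElement {
    get innerHTML() { return this.html || ''; }
    set innerHTML(v) { this.html = v; }
  }
  const doc = { URL: 'https://app.example/profile#name=guest', written: [],
                write(s) { this.written.push(s); } };
  findings.length = 0;
  hookMethod(doc, 'write', () => doc.URL);
  hookSetter(FakeElement.prototype, 'innerHTML', () => doc.URL);

  const el = new FakeElement();
  (function renderGreeting() {            // constructed "page code" under test
    const name = doc.URL.split('#name=')[1];
    el.innerHTML = '<b>Hello ' + name + '</b>';
    doc.write('<p>loaded</p>');
  })();
  return { findings, el, doc };
}
```

Each finding names the sink, the value written, the document URL and the call stack, so a reviewer can trace the `innerHTML` write back to `renderGreeting` and see that the value came from the URL fragment.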

The move is one of many Google has made of late to improve security on the Web--a medium the company believes is the programming platform of the future and that holds a dominant role in its own business. The company also is working hard to improve Chrome's own security.

Other open-source Google security products include Skipfish and Ratproxy, which let people test the security of Web applications.
