Sign In

Communications of the ACM

ACM TechNews

Google Builds Developer Tool to Flag Web App Vulnerabilities


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook

Google has released DOM Snitch, an experimental extension for its Chrome browser that enables developers to scan Web applications and flag code that could be exploited by malware attacks. Google has built DOM Snitch to target potential security holes in the client-side code of Web applications that could be vulnerable to attacks, such as client-side scripting.

"To do this, we have adopted several approaches to intercepting JavaScript calls to key and potentially dangerous browser infrastructure, such as document.write or HTMLElement.innerHTML," says Google's Radoslav Vasilev.

Developers do not have to pause DOM Snitch to run a debugging tool because it displays document object model modifications in real time. The free tool also enables developers to export reports to others involved in developing and refining the application. Code testers and security researchers also could make good use of DOM Snitch.

From IDG News Service
View Full Article

Abstracts Copyright © 2011 Information Inc. External Link, Bethesda, Maryland, USA 


 

No entries found