Communications of the ACM

Home/News/Google Builds Developer Tool to Flag Web App Vulnerabilities/Full Text

ACM TechNews

Google Builds Developer Tool to Flag Web App Vulnerabilities

By IDG News Service
June 28, 2011
Comments

View as: Print Mobile App Share:

Google has released DOM Snitch, an experimental extension for its Chrome browser that enables developers to scan Web applications and flag code that could be exploited by malware attacks. Google has built DOM Snitch to target potential security holes in the client-side code of Web applications that could be vulnerable to attacks, such as client-side scripting.

"To do this, we have adopted several approaches to intercepting JavaScript calls to key and potentially dangerous browser infrastructure, such as document.write or HTMLElement.innerHTML," says Google's Radoslav Vasilev.

Developers do not have to pause DOM Snitch to run a debugging tool because it displays document object model modifications in real time. The free tool also enables developers to export reports to others involved in developing and refining the application. Code testers and security researchers also could make good use of DOM Snitch.

From IDG News Service
View Full Article

No entries found

Google Builds Developer Tool to Flag Web App Vulnerabilities

Google Search Technique Used by Police Draws Legal Challenge

Toward a Solid Acceptance of the Decentralized Web of Personal Data: Societal and Technological Convergence

Interview Answers That are Not Going to Help You