Noticed this on Reddit this morning. Google has open sourced one of their internal security testing tools called RatProxy.
Apparently it's a passive vulnerability scanner all done up as a proxy-style interaction for sites. I haven't played with it yet, but I'm not aware of many other passive scanners, so this warranted a mention. Mainly so that I remember to play with it later myself.
My first thought is to combine this with Nessus for creating a good security baseline for apps.
So long as you don't let these fool you into having a false sense of security, they're a good place to start when securing applications.