Sign In

Communications of the ACM

ACM TechNews

Google Builds Developer Tool to Flag Web App Vulnerabilities

View as: Print Mobile App Share:

Google has released DOM Snitch, an experimental extension for its Chrome browser that enables developers to scan Web applications and flag code that could be exploited by malware attacks. Google has built DOM Snitch to target potential security holes in the client-side code of Web applications that could be vulnerable to attacks, such as client-side scripting.

"To do this, we have adopted several approaches to intercepting JavaScript calls to key and potentially dangerous browser infrastructure, such as document.write or HTMLElement.innerHTML," says Google's Radoslav Vasilev.

Developers do not have to pause DOM Snitch to run a debugging tool because it displays document object model modifications in real time. The free tool also enables developers to export reports to others involved in developing and refining the application. Code testers and security researchers also could make good use of DOM Snitch.

From IDG News Service
View Full Article

Abstracts Copyright © 2011 Information Inc. External Link, Bethesda, Maryland, USA 


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account