Google发布Chrome官方扩展DOM Snitch 可发现网页代码漏洞

Google发布Chrome官方扩展DOM Snitch 可发现网页代码漏洞

 

ugmbbc发布于 2011-06-22 07:28:22|3505 次阅读 字体：大 小 打印预览

Google今天发布了一个名为DOM Snitch的Chrome官方扩展，它可以让开发者和安全人士在浏览网站时自动识别出不安全的代码，这种扩展的灵感其实是来自于5周之前一家安全公司Mind Security在Firefox上的作品DOMinator，使用这种工具用户可以轻易发现例如XSS、数据泄漏等问题，并指出问题所在的代码段，帮助用户规避以及厂商发现后修补。

• Real-time: Developers and testers can observe DOM modifications as they happen inside the browser without the need to step through JavaScript code with a debugger or pause the execution of their application.

• Easy to use: With built-in security heuristics and nested view, both advanced and less experienced developers and testers can quickly spot areas of the application being tested that need more attention.

• Easier collaboration: Enables developers and testers to easily export and share captured DOM modifications while troubleshooting an issue with their peers.

下载:DOM Snitch