The good folks at Google have released a freely available, open-source web application security assessment tool called RatProxy. The tool, which is still in beta, is designed to identify security vulnerabilities in web-based applications by passively observing traffic that passes through it as a proxy.
Quoting from the RatProxy project documentation page:
"Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments."

Earlier this afternoon I downloaded the source code and compiled it to run on Ubuntu 8.04. After posting this blog entry I'll begin experimenting with RatProxy.
RatProxy Documentation Page [link]