| Description: | A semi-automated, largely passive web application security audit tool,
optimized for an accurate and sensitive detection, and automatic
annotation, of potential problems and security-relevant design
patterns based on the observation of existing, user-initiated traffic
in complex web 2.0 environments.
Detects and prioritizes broad classes of security
problems, such as dynamic cross-site trust model considerations,
script inclusion issues, content serving problems, insufficient XSRF
and XSS defenses, and much more. |
|---|