Google发布Chrome官方扩展DOM Snitch 可发现网页代码漏洞
Google今天发布了一个名为DOM Snitch的Chrome官方扩展,它可以让开发者和安全人士在浏览网站时自动识别出不安全的代码,这种扩展的灵感其实是来自于5周之前一家安全公司Mind Security在Firefox上的作品DOMinator,使用这种工具用户可以轻易发现例如XSS、数据泄漏等问题,并指出问题所在的代码段,帮助用户规避以及厂商发现后修补。
- Real-time: Developers and testers can observe DOM modifications as they happen inside the browser without the need to step through JavaScript code with a debugger or pause the execution of their application.
- Easy to use: With built-in security heuristics and nested view, both advanced and less experienced developers and testers can quickly spot areas of the application being tested that need more attention.
- Easier collaboration: Enables developers and testers to easily export and share captured DOM modifications while troubleshooting an issue with their peers.