Google announced a free application testing tool, dubbed “DOM Snitch,” to help developers find vulnerabilities in client-side Web applications.
The tool can be used by both application developers and QA staff who may not have the security expertise to identify insecure code, Google said June 21.
“Every day modern web applications are becoming increasingly sophisticated, and as their complexity grows so does their attack surface,” wrote Radoslav Vasilev, a Google engineer based in Zurich.
DOM refers to the “Document Object Model,” a platform-neutral interface used by applications and scripts to access and update the content of Web pages. As it goes through the client-side code, the tool alerts the developer when a particular function call could allow an exploit.
DOM Snitch joins other open source testing tools from Google, including Skipfish and Ratproxy.