DOM Snitch

Sponsored Links:
Software Screenshot:
DOM Snitch
Software Details:
Version: 1.0
Upload Date: 14 Dec 14
Developer: Google
Distribution Type: Freeware
Downloads: 10

Rating: 0.0/5 (Total Votes: 0)

Sponsored Links:

What is DOM Snitch?

DOM Snitch is an experimental Chrome extension that enables non-security testers identify common bad practices when producing client-side code and security testers gain better understanding of the transformations that occur within the DOM.

Current capabilities

Ability to listen to DOM modification and collect debug data about those modifications

Ability to sort and group collected information as means to simplify the analysis process of this data

Ability to passively detect and mark as errors or warnings some easy to spot security issues, including:

Uses of user-controlled data that comes from either URL, referrer, or cookies while constructing DOM where the data is also checked for containing HTML escape characters (i.e. <>"')

Uses of scripts that are not hosted at the application's domain

Uses of scripts that would result in mixed content errors

Uses of invalid JSON syntax, resulting in the use of eval() as opposed to a much safer alternative function (e.g. JSON.parse())

Assignments of document.domain to anything but the application's original hostname value (as given by the browser at rendering time)

Ability to export all or subsets of collected data as plain text or through Google Docs

Like it? Share us with your friends

Similar Software

Beebs
Beebs

12 Jul 16

PDFfiller
PDFfiller

21 Nov 14

Moovu TV
Moovu TV

14 Dec 14

SearchLock
SearchLock

18 Jun 16

Wibe
Wibe

23 Nov 14

Email Verifier
Email Verifier

12 Jul 16

Minecrizzy
Minecrizzy

14 Dec 14

Other Software of Developer Google

Comments to DOM Snitch

Comments not found
Add Comment
Turn on images!