Google designs new developer tool
Th DOM Snitch is aimed at reducing possible online threats for developers

Internet search and cloud computing company Google Inc has released an experimental extension of its Chrome browser which will help developers to scan their web applications and flag code that may make them susceptible to online attacks.

A free tool, DOM Snitch, has been developed to detect security holes in Web app’s client-size code which hackers may exploit via client-size scripting, the company reported.

“To do this, we have adopted several approaches to intercepting JavaScript calls to key and potentially dangerous browser infrastructure such as document.write or HTMLElement.innerHTML,” wrote Radoslav Vasilev, a Google official, in the company blog.

DOM (Document Object Model) is also designed to help security researchers and code testers, the company said.

The Snitch displays DOM’s modification is real time to avoid the problem of pausing the application for running a debugging tool.
The reports can also be shared with other developers and ones involved in refining the application.

The company is also working on server-side code testing tools such as Skipfish and Ratpoxy, apart from DOM, as it fears that security threats are growing vastly.

“Developers and testers should be aware that DOM Snitch is currently experimental. We do not guarantee that it will work flawlessly for all web applications,” Vasilev said.