Google announced on Tuesday the availability of a new free application testing tool, dubbed “DOM Snitch,” that it says will help Web application developers find vulnerabilities in client-side Web applications.
The new application is a Chrome browser extension that works by injecting hooks into a Web page. The hooks signal when the page interacts with browser features that can be manipulated in an attack. The tool is designed to allow both Web application developers and QA staff who lack expertise in security to pinpoint insecure application code, Google said.
DOM refers to the “Document Object Model,” a common, platform-neutral interface that allows programs and scripts to access and update the content and structure of Web pages and other online documents.
The tool outputs an activity log listing DOM modifications that pose a security risk, Google said.
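A sketch of how injected hooks can produce this kind of activity log, added here as an illustration and not taken from DOM Snitch or from Google. The function names, the stand-in document objects and the risk heuristic are all assumptions; in a browser the same wrappers would be applied to `document` and `Element.prototype`.

```javascript
// Added illustration; hookMethod, hookSetter and flagRisky are hypothetical names.

// Wrap a method so every call is logged before the original runs.
function hookMethod(obj, name, log) {
  const original = obj[name];
  obj[name] = function (...args) {
    log.push({ sink: name, kind: 'call', data: args.map(String).join('') });
    return original.apply(this, args);
  };
}

// Wrap an accessor property so every assignment is logged.
function hookSetter(proto, name, log) {
  const desc = Object.getOwnPropertyDescriptor(proto, name);
  Object.defineProperty(proto, name, {
    configurable: true,
    get() { return desc.get.call(this); },
    set(value) {
      log.push({ sink: name, kind: 'set', data: String(value) });
      desc.set.call(this, value);
    },
  });
}

// Assumed heuristic: flag entries whose markup could execute script.
function flagRisky(log) {
  return log.filter((e) => /<script|\son\w+\s*=|javascript:/i.test(e.data));
}

// Constructed stand-ins for document and Element.prototype so this runs in Node.
function demo() {
  class FakeElement {
    get innerHTML() { return this._html || ''; }
    set innerHTML(v) { this._html = v; }
  }
  const fakeDocument = { written: [], write(s) { this.written.push(s); } };
  const log = [];
  hookMethod(fakeDocument, 'write', log);
  hookSetter(FakeElement.prototype, 'innerHTML', log);

  const el = new FakeElement();
  el.innerHTML = '<b>hello</b>';                      // plain markup
  el.innerHTML = '<img src="x" onerror="report()">';  // inline event handler
  fakeDocument.write('<p>ok</p>');
  return { log, risky: flagRisky(log), html: el.innerHTML, written: fakeDocument.written };
}

console.log(demo().risky);
```

The hooks record every write and then pass it through to the original sink unchanged, so the page behaves as before while the log captures which modifications deserve review.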