Google Online security team today introduced "DOM Snitch" -- an experimental Chrome extension that enables developers and testers to identify insecure practices commonly found in client-side code.
Please note: DOM Snitch is intended for use by developers, testers, and security researchers alike; Developers and testers should be aware that DOM Snitch is currently experimental. Refere to Know issues, issues tracker.
Here're the benefits of DOM Snitch:
- Easy to use: With built-in security heuristics and nested views, both advanced and less experienced developers and testers can quickly spot areas of the app being tested that need more attention.
- Easier collaboration: Enables developers to easily export and share captured DOM modifications while troubleshooting an issue with their peers.
[Source: Online Security Blog]