Security-Protocols

Michal Zalewski and his colleague Filipe Almeida have released DOM Checker which is an automated tool for validating browser security policy enforcement. Below is a description of DOM Checker from the page:

The tool features several fairly neat features, including exhaustive hierarchy crawling and side-channel blind write validation to reduce the number of false positives.

DOM Checker had been used to find a number of major security bypass and information disclosure problems in several popular browsers, and we had worked closely with vendors to resolve them (although it’s worth noting that the tool still reports anywhere from 10 to 30 low-risk, design-related information disclosure issues in these programs).

Our hope is that this tool may serve as a framework for ongoing browser security research, and would be integrated by browser vendors with their regression testing and general release QA processes.

Project Page:
http://code.google.com/p/dom-checker/

Access live instance for testing
http://lcamtuf.coredump.cx/dom_checker/