WebRATS is an homage to RATS, a tool to scan code and flag the use of dangerous APIs, identified hazards, and provide secure coding alternatives (RATS was originally created by Secure Software). WebRATS is intended for today’s web-enabled, distributed development methodologies. It was designed to integrate transparently into ordinary code review using modern web browsers. By simply adding a few lines of script to the relevant code review web application, security sensitive API usage will be highlighted in a style similar to inline spell checking, with risks and suggestions available in mouseover tooltips.
Organizations that already use a web-based code review tool can add WebRATS functionality to easily provide ambient security information to developers, exactly in the moment and context in which it can be most useful: When they are already in the mindset and process of reviewing code and making bug fixes.
