ratproxy is a semi-automated, largely passive Web
application security audit tool optimized for
accurate and sensitive detection, and automatic
annotation, of potential problems and
security-relevant design patterns based on the
observation of existing, user-initiated traffic in
complex Web 2.0 environments.