Google Ratproxy

Google released an open source tool called ratproxy, which aims to help developers audit Web application security. It is a non-disruptive tool, designed for Web 2.0 and AJAX applications, that produces an easy-to-read report of potential exploits.

Linux.com has a review of it today.