Google has a new API, a Safe Browsing API, which uses all the data Google has gathered about dangerous webpages, like those with spyware, malware, and other general “badware”*. Firefox uses the Safe Browsing API in its phishing protection, and any application could do the same (including Internet Explorer, if it didn’t already have its own excellent Phishing Filter).
This could be very useful for applications that connect with the internet, like browsers (including mobile browsers, which are less well protected) and email clients, or for web applications to deny access to code originating on an “evil” site. You could probably close a lot of cross-site vulnerabilities just by taking advantage of Google’s API to block anything from a bad neighborhood.
Two things to be aware of if you want to use the API in your project: The API key is only good for 10,000 active users, so if you expect more, you’ll need to talk with Google. Also, Google wants your software to re-download the list of bad sites every 30 minutes, and you are not allowed to use the list to warn users unless it has been updated within the last 30 minutes. That last one is a bit peculiar; does Google update the list on a massive basis multiple times per day? That’s kind of shocking, but pretty comforting as well.
* – General Badware would be a great name for a band
Tag:
