Google Releases Open-Source Web App Security Scanner Skipfish

(WEB HOST INDUSTRY REVIEW) — In its latest effort to keep the web secure, Internet giant Google (www.google.com) has released an open source web application scanner that lets developers check their applications for security holes.

According to a blog post late last week from “white hat” hacker and computer security expert Michal Zalewski, who headed the project, Skipfish is a “free, open source, fully automated, active web application security reconnaissance tool.”

Written in pure C, with highly optimized HTTP handling and a minimal CPU footprint, Skipfish can easily process 2,000 requests per second against responsive targets. It is easy to use: its automated heuristics support a variety of web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form auto-completion. It also features cutting-edge security logic, with high-quality, low-false-positive differential security checks capable of spotting a range of subtle flaws, including blind injection vectors.

Skipfish is merely the latest effort from Google to promote safety on the Internet, and the company sees helping web developers build secure, reliable web applications as a key step in achieving that end. Google has released projects such as the passive security assessment tool ratproxy and the Browser Security Handbook, a comprehensive security guide for web developers. The company has also cooperated with the community to improve the security of third-party browsers.

The scanner is now available for download, and detailed project documentation is available in a wiki that also provides easy-to-follow information on how to implement the software.
