Google Skipfish scans Web apps for security

The new open-source tool is designed to search for flaws, including "tricky scenarios" such as blind SQL or XML injection.

Google has released an open-source Web security scanner called Skipfish that is designed to allow people to scan Web applications for security holes.

The tool scans a Web application for flaws including "tricky scenarios" such as blind SQL or XML injection, Google developer Michal Zalewski said in the Skipfish wiki.

Skipfish prepares a site map annotated with interactive crawl results, highlighting flaws, after a recursive crawl and dictionary-based probing of the target site. The tool can also generate a final report that can be used as a basis for a security assessment.

Read more of "Google releases Skipfish Web-security scanner" at ZDNet UK.

About the author
 

Discuss Google Skipfish scans Web apps for security

Conversation powered by Livefyre

This week on CNET News
Hot Products
Trending on CNET

Time to toss the old dirtbag

Looking for a vacuum?

Whether you’re looking for a traditional upright vacuum or a low-key bot, we've picked the best vacuums for your needs.