Google Skipfish scans Web apps for security

The new open-source tool is designed to search for flaws, including "tricky scenarios" such as blind SQL or XML injection.

Google has released an open-source Web security scanner called Skipfish that is designed to allow people to scan Web applications for security holes.

The tool scans a Web application for flaws including "tricky scenarios" such as blind SQL or XML injection, Google developer Michal Zalewski said in the Skipfish wiki.

Skipfish prepares a site map annotated with interactive crawl results, highlighting flaws, after a recursive crawl and dictionary-based probing of the target site. The tool can also generate a final report that can be used as a basis for a security assessment.

Read more of "Google releases Skipfish Web-security scanner" at ZDNet UK.

About the author
 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

What you missed

Join CNET for an exclusive interview with Google Lunar XPrize teams

Five representatives from the finalist Milestone teams told us how they plan to get to the moon and win $30 million next year. Catch up on this exclusive CNET event.