Google has released an open-source Web security scanner called Skipfish that is designed to allow people to scan Web applications for security holes.
The tool scans a Web application for flaws including "tricky scenarios" such as blind SQL or XML injection, Google developer Michal Zalewski said in the Skipfish wiki.
Skipfish prepares a site map annotated with interactive crawl results, highlighting flaws, after a recursive crawl and dictionary-based probing of the target site. The tool can also generate a final report that can be used as a basis for a security assessment.
Read more of "Google releases Skipfish Web-security scanner" at ZDNet UK.