Google Skipfish scans Web apps for security

The new open-source tool is designed to search for flaws, including "tricky scenarios" such as blind SQL or XML injection.

Google has released an open-source Web security scanner called Skipfish that is designed to allow people to scan Web applications for security holes.

The tool scans a Web application for flaws including "tricky scenarios" such as blind SQL or XML injection, Google developer Michal Zalewski said in the Skipfish wiki.

Skipfish prepares a site map annotated with interactive crawl results, highlighting flaws, after a recursive crawl and dictionary-based probing of the target site. The tool can also generate a final report that can be used as a basis for a security assessment.

Read more of "Google releases Skipfish Web-security scanner" at ZDNet UK.

About the author
 

Discuss Google Skipfish scans Web apps for security

Conversation powered by Livefyre

This week on CNET News
Hot Products
Trending on CNET

Hottest TVs of 2015

Are you ready for an upgrade?

They're hot, they're new, and they're all vying to make you want to upgrade your current TV.