Google Skipfish scans Web apps for security

The new open-source tool is designed to search for flaws, including "tricky scenarios" such as blind SQL or XML injection.

Google has released an open-source Web security scanner called Skipfish that is designed to allow people to scan Web applications for security holes.

The tool scans a Web application for flaws including "tricky scenarios" such as blind SQL or XML injection, Google developer Michal Zalewski said in the Skipfish wiki.

Skipfish prepares a site map annotated with interactive crawl results, highlighting flaws, after a recursive crawl and dictionary-based probing of the target site. The tool can also generate a final report that can be used as a basis for a security assessment.

Read more of "Google releases Skipfish Web-security scanner" at ZDNet UK.

About the author
 

Discuss Google Skipfish scans Web apps for security

Conversation powered by Livefyre

This week on CNET News
Hot Products
Trending on CNET

CNET Forums

Looking for tech help?

Whether you’re looking for dependable tech advice or offering helpful tricks, join the conversation in our forums.