Skipfish: A New Web-Security Tool

By Jason on March 23, 2010

Google has released a new open-source security tool. Skipfish is a web-security scanner that lets people scan web applications for security flaws.

The software scans web applications for holes such as blind SQL or XML injection. Google developer Michal Zalewski says in the Skipfish wiki: "It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments."

According to Zalewski, the tool has many advantages, such as high performance, ease of use and well-designed security checks. He also said that Skipfish is "not a silver bullet". The scanner does not satisfy the majority of the requirements outlined in the WASC Web Application Security Scanner Evaluation Criteria.

Zalewski also warned that people should use this scanner very responsibly and added: "First and foremost, please do not be evil. Use Skipfish only against services you own, or have a permission to test."
