Monday, March 22, 2010

Google releases web security scanner

Skipfish runs via a Linux / Unix command line.
Google has released an open source scanner that allows web application developers to test their applications for security holes. The application, called Skipfish, offers similar functionality to that of tools such as Nmap or Nessus, but it's said to be much faster. Using fully automated heuristics, it detects code that is vulnerable to cross-site scripting (XSS) attacks, SQL and XML injection attacks and many other attack types. The tool's comprehensive post-processing of the individual test results is designed to help with the interpretation of the final report.

Skipfish is a pure C implementation and, according to Google, can easily process 2,000 HTTP requests per second – provided the tested server can handle such a high load. In individual tests across local networks, 7,000+ requests per second have reportedly been sent with a modest CPU load and memory footprint.
