Google Skipfish scans Web apps for security

The new open-source tool is designed to search for flaws, including "tricky scenarios" such as blind SQL or XML injection.

by Tom Espiner

March 22, 2010 9:16 AM PDT

Google has released an open-source Web security scanner called Skipfish that is designed to allow people to scan Web applications for security holes.

The tool scans a Web application for flaws including "tricky scenarios" such as blind SQL or XML injection, Google developer Michal Zalewski said in the Skipfish wiki.

Skipfish prepares a site map annotated with interactive crawl results, highlighting flaws, after a recursive crawl and dictionary-based probing of the target site. The tool can also generate a final report that can be used as a basis for a security assessment.

Read more of "Google releases Skipfish Web-security scanner" at ZDNet UK.

News

Yahoo revives Flickr with photo-centric redesign, 1TB free storage

Yahoo's CEO Marissa Mayer unveils an update to the company's Flickr photo-sharing site. Among the changes are a redesign with larger images, the ability for users to upload full-resolution photos, and 1TB of free storage for everyone.

Play Video