Google SkipFish: Web-Application Security Scanner

Google has taken the next step  to make Web Applications Robust, it has released a Web application security scanner called Skipfish. The free (and Open Source) scanner is designed to work within a variety of existing Web application frameworks and is built with an emphasis on speed and low false-positives, as per Google. SkipFish is based on C and is fast scanner that can easily achieve 2000 requests per second on LAN networks and 500+ requests against fast Internet targets, with minimal CPU usage. Unlike, other web-application security frameworks, its easy to use and supports wide variety of Web frameworks, auto-learning capabilities.

Tests/Scans

Currently, the SkipFish scans wide variety of most critical and medium, low  risks, and then produces Internal warnings for certain failures like unexpected response variations. The scan coverage looks sufficient for most web applications as it covers all common vulnerabilities. The detailed list of types of scans are available at SkipFish wiki. The Tool works on all three major platforms: Linux, Mac OS X, windows (cygwin) and can be downloaded from here.

We write latest in Google, Open Source, Security and Tech @taranfx and below: