Test your web apps with Google's new Skipfish vulnerability scanner!

Google's just made available a beta (for some reason, all the cool stuff I use from Google is labled "beta" these days) version of Skipfish, their new fully automated, active web application security reconnaissance tool (I'm quoting their page on that last sentence).

Grab the baby here!

It's looking very good to test your own code... but seems to be VERY noisy, so don't use it to stealthily probe other people's sites... you WILL get detected. :) (Maybe that's a voluntary design goal to avoid criminals using it - I have no issue with it.)

Comments:

the problem with that tool is that besides being too noisy, it returns too many false positives.

Posted by nacho on March 23, 2010 at 10:55 AM CET #

It's a beta... will still undergo a fair amount of tuning, I imagine.

Posted by Gilles Gravier on March 23, 2010 at 11:07 AM CET #

Post a Comment:
  • HTML Syntax: NOT allowed
About

gravax

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today