Security Hole Scanner

Google Release Skipfish 1.13 Beta

Google have released a beta of version 1.13 of Skipfish.

The open source web application security hole scanner features automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. It is written in pure C. Skipfish works by using a recursive crawl and dictionary-based probes, to prepare an interactive sitemap for a website, which is then annotated with the output from a number of security checks. Skipfish security checks include server-side SQL injection, format string vulnerabilities, and integer overflow vulnerabilities. For a full list of features and security checks implemented by Skipfish, please see the project wiki.

“We feel that skipfish will be a valuable contribution to the information security community, making security assessments significantly more accessible and easier to execute,” wrote Michal Zalewski, at his 'Meet Skipfish' blog posting.

Jessica Thornsby

What do you think?

JAX Magazine - 2014 - 06 Exclucively for iPad users JAX Magazine on Android


Latest opinions