Link of the day: Google Security

Well… sort of. It’s not anything new these days, but a while ago, Google published its own security testing tool for websites, called Skipfish. Of course, this is not the first tool that Google has released for this purpose, as many related ones are already out there (like ratproxy, the Browser Security Handbook, and so on…). However, the new thing today is skipfish.

Skipfish is an active website scanner that tests web applications for XSS, SQL injection, shell injection, XML injection (that one’s new for me), SSL, insecure cookies, correct MIME headers, server errors, invalid links, etc. The complete list is enormous, and one of the main things is that the tool is written in C for high performance. It claims to be able to run at 2000 requests per second against remote servers (of course, if the servers answer in time).

I haven’t had the chance yet to give it a try, but I probably will these days. For the kind of reports that you may see from it, see a skipfish screenshot.

This all came from Google’s Online Security Blog. It is worth a read; updates are neither very frequent nor very long, so you can easily keep up to date with your favorite RSS reader.

I’m a secure little skunk.