On March 24, it was reported that Google's new open-source web security scanner, Skipfish, is designed to find security vulnerabilities in web applications.
Google developer Michal Zalewski said on the Skipfish wiki that the tool can scan web applications to detect situations that are hard to handle, such as blind SQL injection attacks or XML remote program injection.
Skipfish examines the target website with a recursive crawl and dictionary-based probes, then generates an interactive site map annotated with the crawl results. The tool can also generate a final report to serve as a basis for a software security evaluation.
Some commercial and open-source scanning tools already exist, including Nikto and Nessus, and he suggested choosing whichever tool suits you. However, Skipfish is fast. Depending on the performance of the tested server, it processes more than 500 requests per second against Internet targets and more than 2,000 requests per second on LANs.
Zalewski warned that Skipfish cannot catch every problem. The tool deliberately does not meet all the requirements listed in the Web Application Security Consortium's scanner evaluation criteria (WASC Web Application Security Scanner Evaluation Criteria). In addition, Skipfish does not have an extensive database of known vulnerabilities.
Google invites everyone to use this tool in a responsible manner. Zalewski wrote: "The first thing to emphasize is not to do evil. You can only use Skipfish against your own services, or obtain permission to test first." The tool is written entirely in C and licensed under the Apache License 2.0. The latest version is Skipfish 1.19 beta.
Download: http://skipfish.googlecode.com/files/skipfish-1.19b.tgz
http://code.google.com/p/skipfish/
libidn is required for compiling. For descriptions of other parameters, refer to the official website.