Home > Cloud Computing > Cloud Applications

Google pushes security scanner Skipfish to scan Web program vulnerabilities

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
In March 24, it was reported that Google's new open-source network security scanner Skipfish was designed to address security vulnerabilities in network applications. Google developer michalzarewski said in Skipfishwiki that this tool can scan network applications to detect situations that are difficult to handle, such as binary attacks or XML remote program injection.

In March 24, it was reported that Google's new open-source network security scanner Skipfish was designed to address security vulnerabilities in network applications.

Google developer Michal zarewski said on Skipfish wiki that this tool can scan network applications to detect situations that are hard to handle, such as Blind SQL plug-in attacks or XML remote program injection.

Skipfish investigates the target Website Based on the directory, and generates a website diagram with comments of the interactive crawl result after the recursive crawl is retrieved. The tool can also generate a final report as a basis for software security evaluation.

Some commercial and open-source scanning tools, including Nikto and NesSuS. He suggested that you choose a suitable tool. However, Skipfish is fast. Based on the tested server performance, it processes more than 500 requests per second for Internet targets and more than 2,000 requests per second for LANs.

Zarewski warned that Skipfish could not capture all problems. This tool deliberately does not meet the application security alliance's security scanning evaluation criteria (Wasc Web AppliCatIon Security incluevaluation Criteria) lists all requirements. In addition, Skipfish does not have an extended database with known vulnerabilities.

Google invites everyone to use this tool in a responsible manner. Zarewski wrote: The first thing to emphasize is not to do evil. You can only use Skipfish for your own services, or obtain a test license first. This tool is completely written in C language and licensed to use Apache LiceNcE 2.0. The latest version is Skipfish 1.19 beta.

: Http://skipfish.googlecode.com/files/skipfish-1.19b.tgz

Http://code.google.com/p/skipfish/

Lib is required for compiling.IdN. For other parameter descriptions, refer to the official website.

 

 

 

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
list 3 web security vulnerabilities google chrome security scan google chrome security scan how to use metasploit to scan for vulnerabilities google web design program scan website for vulnerabilities scan router for vulnerabilities
Related Article
Enable dazzling 3D desktop effects (group chart) in Fedora8)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More