Google released Skipfish, a free fully automated, active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The safety of the Internet is of paramount importance to Google, and helping web developers build secure, reliable web applications is an important part of the equation. Skipfish will be a valuable contribution to the information security community, making security assessments significantly more accessible and easier to execute.
The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
Key Features:
A rough list of the security checks offered by the skipfish tool is outlined below.
The tool supports Linux, FreeBSD 7.0+, MacOS X, and Windows (Cygwin) environments. To download the scanner, please visit this page; detailed project documentation is available here.
Article ID: 401
Created: Mon, Mar 22, 2010
Last Updated: Mon, Mar 22, 2010
Author: Administrator
Online URL: https://www.articlediary.com/article/google-skipfish-web-application-security-scanner-401.html