Google Releases Skipfish Application Security Scanner

Google has released its own Web application security scanner, called Skipfish. The free scanner is designed to work within a variety of existing Web application frameworks and is built with an emphasis on speed and low false-positives, the company said.

Google has released its own Web application security scanner, called Skipfish. The free scanner is designed to work within a variety of existing Web application frameworks and is built with an emphasis on speed and low false-positives, the company said.

Skipfish enters a crowded field of Web application security testing tools, both free and commercial. The landscape also includes a slew of security companies and consultancies that specialize in testing Web applications, including WhiteHat, Cenzic and a number of others. Google said that Skipfish is meant to be easy to use, fast and produce few false positives.

“Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments,” according to the scanner’s documentation.

However, the Skipfish scanner is not meant to be a replacement for commercial scanners, it appears. Google says in the documentation that the scanner doesn’t meet many of the evaluation criteria set out by the Web Application Security Consortium for such scanners, and also “extensive database of known vulnerabilities for banner-type checks.”

Suggested articles

Discussion

  • Anonymous on

    Home vulnerabilities=security breach=debug

  • Anonymous on

    all very good but I prefer stuff like Websecurify. You can tell this is a professionally designed tool and it is ultralight and quite fast as well

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.