Google releases skipfish, an application security tool
As someone who manages web applications, I find skipfish a really easy and quick way to run your website through a fairly comprehensive set of tests. Today, Google officially released the tool to the public in hopes of helping to make the web a safer place. On the flip side, a tool that does a good job of detecting vulnerabilities like this will naturally be used by people looking to abuse it as well.
Skipfish runs through a set of tests which detect high, medium and low risk flaws. Some of the higher risk ones include:
Quote
Server-side SQL injection (including blind vectors, numerical parameters).
Explicit SQL-like syntax in GET or POST parameters.
Server-side shell command injection (including blind vectors).
Server-side XML / XPath injection (including blind vectors).
Format string vulnerabilities.
Integer overflow vulnerabilities.
These specific flaws can lead to system compromise; detecting them early and proactively is surely something worth doing.
This isn't the only tool of its kind though. There are several free and commercial tools available (like Nikto2 and Nessus) that can do the same job, in some cases better. In any case, it's about time people started taking security seriously, and using a tool like this is a good step in the right direction.
Source: ZDNet