Skipfish Security Scanner for Web Apps

Mar 24, 2010

Google's online security teams has come out with a free security scanner for web apps, named Skipfish.

The command line tool acts as Web crawler and prepares an interactive sitemap for the targeted site. The Web app is then subjected to a number of nondisruptive security probes, such as for cross-site scripting (XSS), cross-site request forgery (XSRF) and server-side SQL injection. The software can probe websites developed under multiple technologies and frameworks.

Skipfish produces HTML reports that read like sitemaps.

Skipfish is written in C and, according to its developers, shows great performance: Internet requests can produce over 500 responses per second, LAN/MAN requests over 2,000 responses and local requests over 7,000 responses per second. The developers implemented a custom HTTP stack for Skipfish.

The Skipfish developers indicate that their tool digs up many relevant security vulnerabilities, but not all. As with many security scanners, permission to test the website is the prerequisite, unless you own it outright.

Skipfish is open source software under Apache 2.0 licensing. The Google Code site has its own Skipfish page, with downloads of a source tarball and online documentation.

Related content

  • Stopping Drive-By Attacks

    You won't find a perfect solution to the growing problem of drive-by attacks, but many tools are available to help you keep malicious code off your network.

    more »
  • Web Security Dojo

    Protecting your own websites from attack either costs a lot of money or requires a lot of expertise. Web Security Dojo helps you learn to think like an expert.

    more »
  • CubieTruck

    The CubieTruck small-board PC is a measuring instrument that copes well with Gigabit networks and offers a surprisingly affordable and efficient solution.

    more »
  • Grendel Scan 1.0: Automatic Security Check for Web Applications

    Grendel Scan version 1.0, a Web application testing tools, was introduced at the Defcon Security Conference in Las Vegas.

    more »
  • Command Line: SANE

    Running your scanner from the command line offers greater control of tasks. We show you how to get started.

    more »
comments powered by Disqus

Issue 210/2018

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

DevOps

News

Tag Cloud

Administration Community Events Hardware Linux Linux New Media Linux Pro Magazine Mobile Programming Software Ubuntu Web Development Windows free software open source
njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia