On Mar 19, on Friday morning, Michal Zalewski announced on the Google Security Blog: "Meet skipfish, our automated web security scanner", and this had to be taken seriously.
Recently I've seen a lot of free "web malware scanners", some of them released by prestigious security vendors, *cough* Qualys *cough*, and some of them released by unknown (to me at least) developers of WP-Secure Plugin for WordPress, SiteSecurityMonitor.com.
Google developers took a different approach: they built an ol' school console application written in pure C, which is lightning fast and, thanks to its asynchronous processing, is able to inject hundreds of HTTP requests per second.
The source code is released under the Apache license and is available for download here.
I don't have a Linux box available right now to make it and test it myself, but the documentation surely fires up your interest in the features implemented in skipfish: server-side SQL injection, integer overflow vulnerabilities, stored and reflected XSS, MIME manipulation, HTTP credentials in URLs, unexpected response variations and many, many others.
We owe a big thanks to the Google security team and I hope skipfish will be developed further.
This entry was posted on Sunday, March 21st, 2010.