Minimize Security Flaws Using Google's Skipfish
Posted by Rasmy Kiran on Thursday, April 8th, 2010 | Open Source Application
Skipfish is an open source scanner, written in C, that detects vulnerabilities in web applications. To install it, users compile the source code and run the resulting executable. Skipfish crawls the web application, runs security probes against it and generates a report for security assessments.
Features
Skipfish overcomes some of the common issues associated with other web security scanners. It is designed for high performance: it can handle 7000+ requests per second against local instances, 2000+ on LAN/MAN networks and 500+ against Internet targets. It remains usable even on websites that mix several frameworks and apply different filtering rules. It also covers tricky scenarios, including stored XSS (path, parameters, headers) and blind SQL and XML injection.
The main security checks performed by the scanner are categorized by risk level and listed in the Skipfish wiki. The tool is expected to support Linux, FreeBSD 7.0+, MacOS X, and Windows (Cygwin) environments.
Limitations
However, Skipfish does not satisfy some of the major requirements set out in the WASC Web Application Security Scanner Evaluation Criteria.
The Skipfish 1.29 beta version is currently available for download.
