Google Releases Security Reconnaissance Tool Skipfish
Skipfish is a new tool that Mountain View-based search engine giant Google rolled out to help web developers build secure and reliable web applications. According to Google, the safety of the Internet is “of paramount importance” to the company – that is why it added Skipfish to its list of security-oriented offerings, such as ratproxy or the Browser Security Handbook.
Skipfish is an open source, fully automated, active web application security reconnaissance tool that can provide three things to the developer that wants to create a reliable and secure web application. First of all the application provides high speed – as many as 2000 requests per second, highly optimized HTTP handling and a minimal impact on the CPU.
SPONSORED LINKS
Second of all, Skipfish offers ease of use. As detailed by Google-employed whitehat hacker and security expert from Poland, MichaA? Zalewski, “the tool features heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.”
Thirdly, Skipfish offers cutting-edge security logic. The development team behind the security reconnaissance tool included things like high quality, low false positive, differential security checks that can detect a multitude of subtle flaws (this means injection vectors as well).
“As with ratproxy, we feel that skipfish will be a valuable contribution to the information security community, making security assessments significantly more accessible and easier to execute,” commented Zalewski. Skipfish is available for download here.
In related news, the big news this week is that Google stopped censoring search results on its Chinese search engine, Google.cn. This is not to say that Chinese internauts can go to Google.cn, enter a query and get results that were previously censored. It means that visitors to Google.cn are redirected to Google.com.hk (Google Hong Kong). The Hong Kong search engine, unlike the Chinese one, does not filter search results. It remains to be seen if the Chinese authorities are going to reach by putting Google.com.hk behind the Great Firewall of China.