Skipfish - Web App Security Scanner

[Dewei]

Hello everyone,
I just came to know that the Google is having open source security scanner. I want to collect information on the Skipfish - Web App Security Scanner. I just know that this is a fully automated, web application security force recognition tool. I am interested in knowing about the key features of it. Any other information related to the topic would be grateful.!! So, please provide some information as soon as possible.

[Larry ward]

Google skipfish: a scanner website security Open Source. Its a fully automated, web application security force recognition tool. The following are some Key features of it :

• High speed: pure C code, Highly optimized handling HTTP, minimal footprint CPU - Easily Achieving 2000 requests per second with responsive targets.
• Ease of use: heuristics to Support a Variety of web frameworks and quirky mixed-technology sites, with automatic learning Capabilities, on-the-fly creation wordlist, and auto-completion form.
• Cutting-edge security logic: high quality, low false positive differential security checks, capable of spotting a range of Subtle Flaws, Including Blind injection vectors.

[Twitter]

A rough list of the security checks Offered By The tool IS Outlined below :

• High Risk Flaws (Potentially Leading to system compromise):
• Server-side SQL Injection (Including blind vectors, Numerical parameters).
• Explicit SQL-like syntax in GET or POST parameters.
• Server-side shell command injection (Including blind vectors).
• Server-side / XML, XPath injection (Including blind vectors).
• Format string vulnerabilities.
• Integer overflow vulnerabilities.
• Rentals Accepting HTTP PUT.

[Orlando]

Google has launched an open source security scanner, under Apache license 2.0, for websites and web applications that allows developers to detect security vulnerabilities. Google launched an open source security scanner for developers, called Skipfish , which offers similar functionality to Nmap or Nessus example.

[Steinbach]

I would like to tell explain some more things about the Skipfish which acts as a Security Scanner for the web applications. It uses heuristics automated, and can detect pieces of code that are vulnerable to attacks such as cross-scripting (XSS), SQL injections, but also XML and many others. The tool also provides a module for interpreting the results as a final report.

[BoanHed]

Skipfish is a security analysis tool multi-platform, released under Apache license. Intended for developers of web sites and applications, Skipfish perform an audit of the code for security vulnerabilities. It is written in C, optimized for HTTP, it is presented as little use of CPU. It easily fill 2,000 requests per second with appropriate targets. The tool includes heuristics for most websites and is seen with machine learning capabilities. It also ensures the automatic completion of forms.

[SreeKanth]

A fully automated, active web application security tool Skipfish recognition is an active web application security tool recognition. It prepared annually for the Targeted Interactive sitemap site by Carrying out a recursive crawl and dictionary-based probes. The Resulting map is then annotated with the output from a number of active non-disruptive purpose Hopefully security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.