Google Open Sources web-security scanner
[Source: http://www.siliconindia.com/shownews/Google_Open_Sources_websecurity_scanner-nid-66489-cid-2.html ] Google continue to contribute to the open source community and has now launched open-source web-security scanner called Skipfish that is designed to allow people to scan web applications for security holes. The tool scans a web application for flaws including "tricky scenarios" such as blind SQL or XML injection, Google developer Michal Zalewski said in the Skipfish wiki, according to ZDNet. Zalewski wrote that there are already a number of both commercial and open-source scanning tools available, including Nikto and Nessus, and recommended that people use the tool that suits them. However, he added that Skipfish is high performance, with over 500 requests per second against internet targets, and over 2,000 requests per second on LANs, depending on the capabilities of the server being tested. Skipfish prepares a sitemap annotated with interactive crawl results...