3/19/2010
05:23 PM

Google Releases Free Web Security Scanner

The open-source skipfish software can be used as preparation for a professional Web application security evaluation.

Google on Friday released an automated Web security scanning program called skipfish to help reduce online security vulnerabilities.

Though skipfish performs the same functions as other open-source scanning tools like Nikto and Nessus, Google engineer Michal Zalewski argues that skipfish has several advantages.

It operates at high speed, thanks to optimized HTTP handling and a low CPU footprint, and can easily reach 2000 requests per second, he explains in a blog post.

It's easy to use, he claims.

And, he says, it incorporates advanced security logic, which helps reduce the likelihood of generating false positives. The techniques used in skipfish are similar to those used in another security tool that Google released in 2008 called ratproxy.

"As with ratproxy, we feel that skipfish will be a valuable contribution to the information security community, making security assessments significantly more accessible and easier to execute," he says.

However, in the skipfish documentation, Zalewski notes that the software is not a silver bullet for security problems and may not be right for certain purposes. "For example, it does not satisfy most of the requirements outlined in WASC Web Application Security Scanner Evaluation Criteria," he writes. "And unlike most other projects of this type, it does not come with an extensive database of known vulnerabilities for banner-type checks."

The need for security scanning tools is clear. In its Q3-Q4 2009 Trends Report, security vendor Cenzic found that 90% of Web applications have vulnerabilities.

As it happens, Cenzic offers a commercial vulnerability scanning service, starting at $399 a year, which includes nine Web attacks.

That's in addition to the attacks coming from cybercriminals, which are initially free but can incur significant costs after the fact.
