3/19/2010 05:23 PM
Google Releases Free Web Security Scanner

The open-source skipfish software can be used as preparation for a professional Web application security evaluation.

Google on Friday released an automated Web security scanning program called skipfish to help reduce online security vulnerabilities.

Though skipfish performs many of the same functions as other scanning tools such as Nikto and Nessus, Google engineer Michal Zalewski argues that skipfish has several advantages.

It operates at high speed, thanks to optimized HTTP handling and a low CPU footprint, and can easily reach 2000 requests per second against responsive targets, he explains in a blog post.

It's easy to use, he claims.

And, he says, it incorporates advanced security logic, which helps reduce the likelihood of generating false positives. The techniques used in skipfish are similar to those used in another security tool that Google released in 2008 called ratproxy.

"As with ratproxy, we feel that skipfish will be a valuable contribution to the information security community, making security assessments significantly more accessible and easier to execute," he says.

However, in the skipfish documentation, Zalewski notes that the software is not a silver bullet for security problems and may not be right for certain purposes. "For example, it does not satisfy most of the requirements outlined in WASC Web Application Security Scanner Evaluation Criteria," he writes. "And unlike most other projects of this type, it does not come with an extensive database of known vulnerabilities for banner-type checks."
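The two points above, differential security logic that keeps false positives down and the absence of a banner database, are easier to see side by side in code. The following is an added illustration written for this page, not skipfish's own code: the endpoints, the "Acme-Server" banners and the known-bad-banner table are all constructed, and the three-request probe (a request with unbalanced quotes `'"` versus one with escaped quotes `\'\"`, compared against a baseline) is this example's reading of what a differential check does, not skipfish's implementation.

```python
"""Added illustration (not skipfish code): a differential behavioural probe
beside a naive single-diff check and a banner-matching check.
Every endpoint, banner and advisory note below is constructed for the example."""
import re
from typing import Callable, Dict, List, Tuple

Response = Tuple[int, Dict[str, str], str]        # status, headers, body
Endpoint = Callable[[Dict[str, str]], Response]


def signature(resp: Response) -> Tuple[int, Tuple[str, ...]]:
    """Page 'shape': status code plus the sequence of opening HTML tags.
    Text is ignored, so reflected input or counters alone do not make two
    responses look different."""
    status, _, body = resp
    return status, tuple(re.findall(r"<(\w+)", body))


def differential_sql_probe(endpoint: Endpoint, param: str = "q",
                           base: str = "test") -> str:
    """Three-way differential check for quote-sensitive (SQL-style) injection.
    Assumption: probing with unbalanced '" versus escaped \\'\\" is the idea
    behind skipfish's differential checks; this code is the example's own."""
    # A page whose shape changes between two identical requests cannot be
    # diffed meaningfully, so refuse to report on it at all.
    if signature(endpoint({param: base})) != signature(endpoint({param: base})):
        return "unstable"
    baseline = signature(endpoint({param: base}))
    broken = signature(endpoint({param: base + "'\""}))
    escaped = signature(endpoint({param: base + "\\'\\\""}))
    if baseline == broken:
        return "not_injectable"        # the quotes had no observable effect
    if baseline != escaped:
        return "inconclusive"          # any appended text changes the page, not just unbalanced quotes
    return "possible_sql_injection"    # only the unbalanced quotes changed the page shape


def naive_probe(endpoint: Endpoint, param: str = "q", base: str = "test") -> str:
    """Single-diff heuristic: flag whenever the quoted request body differs."""
    if endpoint({param: base})[2] != endpoint({param: base + "'\""})[2]:
        return "possible_sql_injection"
    return "not_injectable"


# Constructed 'known bad banner' table standing in for a banner database.
# The advisory text is fictional and refers to no real product or CVE.
KNOWN_BAD_BANNERS = {"Acme-Server/1.0": "constructed advisory for illustration only"}


def banner_check(endpoint: Endpoint) -> List[str]:
    """Banner-type check: match the Server header, look at nothing else."""
    _, headers, _ = endpoint({"q": "test"})
    banner = headers.get("Server", "")
    return [note for bad, note in KNOWN_BAD_BANNERS.items() if banner.startswith(bad)]


# --- constructed endpoints standing in for a target application ---

def sql_backed_search(params: Dict[str, str]) -> Response:
    """Constructed vulnerable endpoint: q is concatenated into SQL, so an
    unescaped quote produces a database error page. Banner looks current."""
    q = params.get("q", "")
    if re.search(r"(?<!\\)['\"]", q):
        return 500, {"Server": "Acme-Server/2.0"}, "<html><h1>Error</h1>SQL syntax error</html>"
    return 200, {"Server": "Acme-Server/2.0"}, f"<html><h1>Results for {q}</h1><p>3 items</p></html>"


def safe_search(params: Dict[str, str]) -> Response:
    """Constructed parameterised endpoint: reflects q, never errors, but
    advertises the banner the table above considers bad."""
    q = params.get("q", "")
    return 200, {"Server": "Acme-Server/1.0"}, f"<html><h1>Results for {q}</h1><p>0 items</p></html>"


class RotatingLayout:
    """Constructed A/B-tested page that alternates layouts per request."""
    def __init__(self) -> None:
        self.n = 0

    def __call__(self, params: Dict[str, str]) -> Response:
        self.n += 1
        body = ("<html><div><p>variant A</p></div></html>" if self.n % 2
                else "<html><section>variant B</section></html>")
        return 200, {"Server": "Acme-Server/2.0"}, body


if __name__ == "__main__":
    targets = {"sql_backed": sql_backed_search, "safe": safe_search, "rotating": RotatingLayout()}
    for name, ep in targets.items():
        print(f"{name:10} naive={naive_probe(ep):22} "
              f"differential={differential_sql_probe(ep):22} banner={banner_check(ep)}")
```

Run against the three constructed endpoints, the naive check flags all three (reflection and layout rotation both change the body), the banner check flags only the safe endpoint and misses the vulnerable one, and the differential probe flags only `sql_backed_search`, declining to report on the rotating page at all.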

The need for security scanning tools is clear. In its Q3-Q4 2009 Trends Report, security vendor Cenzic found that 90% of Web applications have vulnerabilities.

As it happens, Cenzic offers a commercial vulnerability scanning service, starting at $399 a year, which includes nine Web attacks.

That's in addition to the attacks coming from cybercriminals, which are initially free but can incur significant costs after the fact.

Comments
jabeatty, User Rank: Strategist
6/19/2018 | 9:43:05 AM
Re: Brother Printer Support
Spamming is generally much more effective when you post to a topic that's a little more current.
Brother Printer Support, User Rank: Apprentice
6/15/2018 | 7:36:38 PM
Re: Brother Printer Support
I thought I should try to call that number. Trust me, the Brother Printer Repair Services is cool and very much helpful; their advisors have too much depth on the subject, they know how to treat a customer in his/her panic time and should carefully deal with his/her problem, and they absolutely gave me the solution, and they make sure the customer is happy at the end of the tour. Really too much relief I had this time, such that I could not explain my feelings.
Brother Printer Support, User Rank: Apprentice
6/7/2018 | 1:27:21 PM
Brother Printer Support
Of course, if you have to search for any kind of information, we search at GOOGLE. But need is an important matter, what we actually need. If we want support for a related issue, then search for support; for example, we have a Brother printer, then we have a problem with it, so we go and search for Brother Printer Repair Services, and then we have the proper solution to the matter.