Tech
Google releases Skipfish Web security scanner
The new open-source tool is designed to search for flaws, including "tricky scenarios" such as blind SQL or XML injection.
![tom-espiner.jpg](https://www.zdnet.com/a/img/resize/67310ee8f7e1f78d688a1d30b97fcd110e981c3a/2014/07/22/041da4a6-1175-11e4-9732-00505685119a/tom-espiner.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
Google has released an open-source Web security scanner called Skipfish that is designed to allow people to scan Web applications for security holes.
The tool scans a Web application for flaws including "tricky scenarios" such as blind SQL or XML injection, Google developer Michal Zalewski said in the Skipfish wiki.
Skipfish prepares a site map annotated with interactive crawl results, highlighting flaws, after a recursive crawl and dictionary-based probing of the target site. The tool can also generate a final report that can be used as a basis for a security assessment.
Read more of "Google releases Skipfish Web security scanner" on ZDNet UK.