Fwd: Google Launches Free Web Application Scanning Tool (Skipfish)



Apologies for the Cross-posting..

http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=224000380

skipfish - web application security scanner

Written and maintained by Michal Zalewski <lcamtuf@xxxxxxxxxx>.
Copyright 2009, 2010 Google Inc, rights reserved.
Released under terms and conditions of the Apache License, version 2.0.

What is skipfish?

Skipfish is an active web application security reconnaissance tool. It
prepares an interactive sitemap for the targeted site by carrying out
a recursive crawl and dictionary-based probes. The resulting map is
then annotated with the output from a number of active (but hopefully
non-disruptive) security checks. The final report generated by the
tool is meant to serve as a foundation for professional web
application security assessments.

Obviously, the direct link:  http://code.google.com/p/skipfish/wiki/SkipfishDoc

Hoping to share experiencies...

--
Isaias Calderón, CISSP, ECSA, CEH

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Re: Google Launches Free Web Application Scanning Tool (Skipfish)
    ... skipfish - web application security scanner ... Copyright 2009, 2010 Google Inc, rights reserved. ... Skipfish is an active web application security reconnaissance tool. ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: To go to University - For the CISSP etc. - Good idea/Bad idea???
    ... If there was no change then the security industry would be dead as the ... technology evolves so quickly that "new" technology is ... Information Assurance Certification ... Prove to peers and potential employers without a doubt that you can ...
    (Pen-Test)
  • Re: To go to University - For the CISSP etc. - Good idea/Bad idea???
    ... holder globally and the most highly accredited Global Information Security ... Although technology moves on, many of the underlying foundations do not. ... Information Assurance Certification ... Prove to peers and potential employers without a doubt that you can ...
    (Pen-Test)
  • Re: University plan
    ... Core Security Technologies ... Find a good 4 year undergraduate school, ... a full practical examination in order to become certified. ... Information Assurance Certification Review Board ...
    (Pen-Test)