Benjamin Tomhave wrote:
> I guess we can all retire now, eh? I find it so exciting that the app is
> "written in pure C"... and coming from Google, I'm sure it won't leak
> info back to the mothership at all...
>
> "Meet skipfish, our automated web security scanner"
> http://googleonlinesecurity.blogspot.com/2010/03/meet-skipfish-our-automated-web.html
>
Yeah, this comment in the project Wiki makes me feel better already:
All right, I want to try it out. What do I need to know?
First and foremost, please do not be evil. Use skipfish only against
services you own, or have a permission to test.
On a good note though, Michal Zalewski is a well-respected developer, so I
might be willing to give it a chance... against someone else's app. (jk)
-kevin
--
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents." -- Nathaniel Borenstein, co-creator of MIME
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
