If you are a Web developer, or run a Web site, you might be interested in a couple of free software tools that have recently been made available by Google.
Since we released the Sputnik tests as an open source project, the most requested feature has been the ability to run the tests in a browser, and we are excited to launch that functionality today. The new test runner lets you run the tests from a single URL and quickly see the results in your browser.
The Sputnik tests are licensed under the New BSD open-source license, and you can run them in your browser from this Google Labs page.
The other tool now available is the Skipfish Web application security scanner. According to its Web page at Google, it has the following features:
- High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
- Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
- Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.
Skipfish is available under the Apache 2.0 license, and can be downloaded from the Web page above. The tool is believed to work on Linux, FreeBSD, and Mac OS X environments, and on Windows if the Cygwin environment is available. The Wiki documentation is here.