Web Testing Tools from Google

March 21, 2010

If you are a Web developer, or run a Web site, you might be interested in a couple of free software tools that have recently been made available by Google.

One of the key trends on the Web in recent years has been the greatly increased use of JavaScript on Web pages.  Probably the best known site that makes very heavy use of JavaScript is Facebook.  Browser vendors have, in turn, spent significant time improving the performance of their processing engines for JavaScript.  While there have been reasonably well-known tests for JavaScript performance available (like the SunSpider benchmark), another important characteristics of a JavaScript implementation is how well it conforms to the specification of the language.

Last summer, Google launched a suite of JavaScript conformance tests that they call Sputnik, which tests a JavaScript implementations compliance with the ECMA-262 specification of the language..  Now, according to an announcement on the official Chromium Blog, Google has also released a “test runner” that allows you to run the tests from within your browser.

Since we released the Sputnik tests as an open source project, the most requested feature has been the ability to run the tests in a browser, and we are excited to launch that functionality today. The new test runner lets you run the tests from a single URL and quickly see the results in your browser.

The Sputnik tests are licensed under the New BSD open-source license, and you can run them in your browser from this Google Labs page.

The other tool now available is the Skipfish Web  application security scanner.  According to its Web page at Google, it has the following features:

  • High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

Skipfish is available under the Apache 2.0 license, and can be downloaded from the Web page above.  The tool is believed to work on Linux, Free BSD, Mac OS X environments, and on Windows if the Cygwin environment is available.  The Wiki documentation is here.


%d bloggers like this: