Skipfish is a new service from Google that allows you to scan a site for vulnerabilities. They say the following, which seems to me to be incredibly naive:
All right, I want to try it out. What do I need to know?
First and foremost, please do not be evil. Use skipfish only against services you own, or have a permission to test.
Keep in mind that all types of security testing can be disruptive. Although the scanner is designed not to carry out malicious attacks, it may accidentally interfere with the operations of the site. You must accept the risk, and plan accordingly. Run the scanner against test instances where feasible, and be prepared to deal with the consequences if things go wrong.
Now hang on, isn’t it as simple as asking me to upload a skipfish.txt file to my root and only running the service if it’s there — and better yet dated currently? This is a great new service from Google, but I could in fact use it in disruptive ways. It’s easy for the team to correct it.
via SkipfishDoc – skipfish – Project documentation – Project Hosting on Google Code.
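The permission-file check proposed above, sketched as an added example (not code from skipfish or from Google). The file format with `host` and `date` fields, the seven-day window and the function name are assumptions, since the post only asks for a currently dated skipfish.txt at the site root.

```python
from datetime import date, timedelta

MAX_AGE = timedelta(days=7)  # assumed freshness window for "dated currently"

# Constructed sample of a site owner's /skipfish.txt (format is an assumption).
SAMPLE = """# scanning permitted by the site owner
host: test.example.com
date: 2010-03-20
"""


def scan_permitted(host, file_body, today, max_age=MAX_AGE):
    """Decide whether a scan may start, given the fetched /skipfish.txt body.

    file_body is None when the file was absent (for example an HTTP 404).
    Returns (allowed, reason) and fails closed on anything unexpected.
    """
    if file_body is None:
        return False, "no skipfish.txt at site root"
    fields = {}
    for line in file_body.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            return False, "malformed line"
        fields[key.strip().lower()] = value.strip()
    # The file must name the host being scanned, so a file copied from
    # another site does not count as consent for this one.
    if fields.get("host", "").lower() != host.lower():
        return False, "file does not name this host"
    try:
        granted = date.fromisoformat(fields.get("date", ""))
    except ValueError:
        return False, "missing or invalid date"
    if granted > today:
        return False, "date is in the future"
    if today - granted > max_age:
        return False, "permission has expired"
    return True, "ok"
```

A scanner would call this once before sending any test traffic and stop unless the first element of the result is true.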

If one were to connect the dots between the recent cyber attacks on Google and the release of Skipfish, and one had a weakness for “theories” one might surmise that Google is trying to arm the masses to retaliate. Well, now that doesn’t make any sense at all does it? No. Of course not. Google is all about the “don’t be evil” right?
Is Skipfish bait?
Security Scan by Skipfish – Why Not Require a Permission File? http://shar.es/mfRaW Is Google’s Skipfish bait?
This comment was originally posted on Twitter