Google Security ScannerGoogle produced, yet, another technologically-advanced web security pack that is very useful especially in identifying vulnerabilities in the newly-developed programs of many different companies. Skipfish, as what Google named this application, appears to work the same way as Nmap and Nessus. However, Skipfish differs from the rest of the open source scanners since it is deemed to operate more rapidly than the ones available online. Scanning as means of minimizing security risksThis Google application functions by identifying codes, which makes software susceptible from various kinds of attacks. The scanner finds cross-site scripting in a program that allows the attackers to inject malicious scripts into the web pages being viewed by the users. The application also looks for the software codes, which increases the risk of SQL and XML injection attacks. The open web source scanner also has a thorough evaluation of the scan results that is very helpful during analysis of reports. An advanced mechanism for a guaranteed safetyBased on Google’s statement, this program is capable of handling about 2,000 HTTP requests per second only if the server being tested can manage such great amount of work. Approximately 7,000 requests per second were sent during individual tests in different local networks. And, this became possible through the utilization of a CPU that has the capability of dealing with vast amount of load and also has an outstanding memory. Enhanced method that surpasses other schemes Google was able to accomplish such an exceptional performance when a serial I/O model was used in managing the responses. The company handles the responses through a non-blocking scheme, which showed superior results compared to the usual multi-threaded methods commonly applied in conjunction with the simultaneous management of all the requests being accepted. Features, like the HTTP 1.1 range requests, allow the maximal utilization of the HTTP connection. Maintained connections and data compression are also needed in order to sustain the network bandwidth requirements of Skipfish. Google makes use of what they own Google uses their open web source scanner for detecting vulnerabilities of their software as well. The scanner may seem to have an extensive detection of security flaws in various applications. However, Google emphasizes that this program is still not enough to meet the standards, Web Application Security Scanner Evaluation Criteria, set by the Web Application Security Consortium. The most up-to-date version of Skipfish is the beta version 1.10 and users may find the list of issues in the Google Code page. This open web source scanner is distributed together with Apache License version 2.
|