Google Releases Open Source Skipfish Security Tool
Web developers that care about security should check out Google's latest addition to its open source tool.
It's called skipfish. It's written in C. It's is a fully automated Web application that scrounges through your Web site looking for security holes.
It's supposed to be easy because skipfish uses "heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion."
According to Google, skipfish implements cutting-edge security logic: "high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors."
The tool should run on Linux, FreeBSD 7.0+, MacOS X and Windows(Cygwin).