Benjamin Tomhave wrote: > I guess we can all retire now, eh? I find it so exciting that the app is > "written in pure C"... and coming from Google, I'm sure it won't leak > info back to the mothership at all... > > "Meet skipfish, our automated web security scanner" > http://googleonlinesecurity.blogspot.com/2010/03/meet-skipfish-our-automated-web.html >
Yeah, this comment in the project Wiki makes me feel better already: All right, I want to try it out. What do I need to know? First and foremost, please do not be evil. Use skipfish only against services you own, or have a permission to test. On a good note though, Michal Zalewski is a well-respected developer, so I might be willing to give it a chance... against someone else's app. (jk) -kevin -- Kevin W. Wall "The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents." -- Nathaniel Borenstein, co-creator of MIME _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________