Google Skipfish – Web Application Security Scanner

Filed under: Site Management

Google has just released a free security scanning tool for web developers called Skipfish. It is distributed as C source that the end user compiles, and it builds on Linux, FreeBSD, Mac OS X, and Windows (under Cygwin).

The idea behind skipfish is pretty basic … it first crawls your web server, building a map of its pages, forms and parameters (and brute-forcing file and directory names from a wordlist along the way), then fires active checks at everything it found and writes the results into an HTML report.

Against a responsive remote server you can expect somewhere around 500 to 1,000 requests per second; against an instance on your local machine or LAN it can reach about 7,000. That is real load, not a trickle: pointed at a production box without throttling it can slow the site to a crawl or knock it over, so cap the connection count and request rate when the target is not a throwaway test instance.
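To make the crawl-then-probe workflow and the throttling point concrete, here is a small POSIX sh wrapper for a skipfish run. It is an added example, not code from the original post or from the skipfish project. Flag names follow skipfish's usage text (-o for the report directory, -W for the wordlist, -I to restrict the crawl to URLs containing a string, -g and -m for global and per-host connection caps, -l for a requests-per-second limit); the rate-limit flag and the wordlist file name vary between releases, so check them against `skipfish -h` and the dictionaries/ directory of the version you built. The target URLs, directory names and the staging host are made-up values.

```shell
#!/bin/sh
# Added example wrapper around a skipfish run (not from the original post or
# the skipfish project). Run it from the unpacked skipfish source tree.

# Wordlist shipped with the source; the file name differs between releases,
# so this default is an assumption: override with SKIPFISH_WORDLIST.
WORDLIST="${SKIPFISH_WORDLIST:-dictionaries/default.wl}"

# Print the argument list for one skipfish run, or fail on bad input.
#   $1 = target URL (http:// or https://)
#   $2 = output directory for the report (skipfish creates it; use a fresh name)
#   $3 = "remote" (throttled, for a server reached over the Internet)
#        or "local" (full speed, for a test instance on your own machine/LAN)
skipfish_args() {
    target="$1"; outdir="$2"; mode="$3"

    case "$target" in
        http://*|https://*) ;;
        *) echo "target must be an http(s) URL, got: $target" >&2; return 1 ;;
    esac

    # -o: where the HTML report and crawl data go
    # -W: wordlist used to brute-force file and directory names
    # -I: only follow links containing this string, so the crawl stays on
    #     your own site instead of wandering off to every host it sees linked
    args="-o $outdir -W $WORDLIST -I $target"

    case "$mode" in
        remote)
            # Production box over the Internet: two connections to the host
            # and at most 100 requests/s, so the scan does not become a DoS.
            args="$args -m 2 -l 100" ;;
        local)
            # Throwaway instance on localhost or a lab network: allow many
            # parallel connections and no rate cap (thousands of requests/s).
            args="$args -g 40 -m 20" ;;
        *)
            echo "mode must be remote or local, got: $mode" >&2; return 1 ;;
    esac

    printf '%s %s\n' "$args" "$target"
}

# Build skipfish if needed, then run the scan with the arguments above.
run_scan() {
    args=$(skipfish_args "$@") || return 1
    if [ ! -x ./skipfish ]; then
        make || return 1     # build dependencies are listed in the project README
    fi
    # Word-splitting of $args is intended: it holds separate flags.
    # shellcheck disable=SC2086
    ./skipfish $args
}

# Only start a scan when explicitly asked, e.g.:
#   SKIPFISH_TARGET=https://staging.example.com/ SKIPFISH_OUT=out-1 \
#   SKIPFISH_MODE=remote sh scan.sh
if [ -n "${SKIPFISH_TARGET:-}" ]; then
    run_scan "$SKIPFISH_TARGET" "${SKIPFISH_OUT:-skipfish-out}" "${SKIPFISH_MODE:-remote}"
fi
```

The point of the -I scope restriction is that skipfish follows links it discovers; without it, a site that links to third-party hosts can send the scanner off to probe machines you never meant to touch. The "remote" profile errs on the side of slowness; raise -l once you have seen how the target copes.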

In addition to SQL injection it checks for cross-site scripting (XSS), shell and XML/XPath injection, directory traversal and similar input-handling flaws, plus a long tail of lower-severity issues (wrong or missing content types and charsets, mixed content, information leaks) that are worth reading through but are rarely exploitable on their own. As with any scanner, treat its findings as leads to confirm by hand, not as verified vulnerabilities.

Since the tool is free to use, there is no reason it should not be in your toolbox.

For more information about the project and to download the source files visit…

http://code.google.com/p/skipfish/