With the rapid growth of internet, number of websites are increasing exponentially and these are the major source of information.Hence it is necessary to keep this source safe from online frauds and hacks.These days Websites are mostly hacked due to some security holes.Since most are database driven so hackers/crackers also use sql injection to get credential information from the database.XML injection and Cross site Scripting(XSS) is another most widely used hacking techniques thesedays.But all these hacks happens due to the loopholes in website design and coding.
Skipfish is an open source web security tool which can be used to scan the websites against the SQL/XML injection or XSS loopholes.
It creates a site map based on the recursive crawl and dictionary based probes,to analize the security leaks in the websites.
Features of Skipfish :
Its performence is very high as it can handle more than 500 request/sec against internet targets,more than 2000 requests/sec on
LAN network with a modest CPU and network.Advanced HTTP/1.1 features,smart response caching..and many more.
Simple to Use :
It is highly reliable and simple to use.It can create automatic wordlist based on the analysis of site content.It has probabilistic
scanning feature for allowing periodic and time-bound assessments of complex sites.
Well-Designed Security checks :
It provides security check against stored XSS(Path,parameters and headers),blind sql and XML injection.It has also the feature of signature checks for detecting vulnerabilities.
Fore more info : http://code.google.com/p/skipfish/wiki/SkipfishDoc
credit : Google Inc