Slashdot Mirror
Google Hands Out Web Security Scanner
An anonymous reader writes "Apparently feeling generous this week, Google has released for free another of their internally developed tools: this time, a nifty web security scanner dubbed skipfish. A vendor-sponsored study cited by InformationWeek discovered that 90% of all web applications are vulnerable to security attacks. Are Google's security people trying to change this?"
Considering how many web apps use Google APIs in some form or another these days, I'd say it's in their best interests to ensure those sites don't all become a liability to eachother by way of their centralized cloud.
CAn'T CompreHend SARcaSm?
Is VERY fast, been observed 500 request/seconds against responsive internet servers, 2000/sec when in the same lan, and of course, is targetted against dynamic apps, not exactly static images/content. With that speed the first vulnerability that they will find is vulnerability to DoS attacks. The good news: when the bad guys try to find your application vulnerabilities using this tool, that will be the only one that they will find. Worst case scenario: the code gets included in a botnet,
There's more to the internet than other people's web sites. The design of the web is intended for each server to control and serve its own information. This is broken by the fact that the vast majority of internet users want to share information via the web but do not run their own servers. The web was simply not designed for this use-case and cannot handle it sanely in the case of information that is private to a group of people who do not run their own servers.
That may be a good reason to assert that currently the prospects for privacy on the internet look rather bleak, but other methods for sharing information involving encryption and/or friend-to-friend networks, etc. could be developed. Even without key verification being commonplace, they could make spying on the everyday communications of ordinary citizens untenable.
Centralization breaks the internet.