Security Scan by Skipfish – Why Not Require a Permission File?

Skipfish is a new service from Google that allows you to scan a site for vulnerabilities. They say the following, which seems to me to be incredibly naive:

All right, I want to try it out. What do I need to know?

First and foremost, please do not be evil. Use skipfish only against services you own, or have permission to test.

Keep in mind that all types of security testing can be disruptive. Although the scanner is designed not to carry out malicious attacks, it may accidentally interfere with the operations of the site. You must accept the risk, and plan accordingly. Run the scanner against test instances where feasible, and be prepared to deal with the consequences if things go wrong.

Now hang on, isn’t it as simple as asking me to upload a skipfish.txt file to my root and only running the service if it’s there — and better yet dated currently? This is a great new service from Google, but I could in fact use it in disruptive ways. It’s easy for the team to correct it.

via SkipfishDoc – skipfish – Project documentation – Project Hosting on Google Code.
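
The permission-file check proposed above, sketched as an added example (it is not part of the original post and is not Skipfish code). The `date: YYYY-MM-DD` line format, the seven-day freshness window and all function names are assumptions made for illustration.

```python
from datetime import date, timedelta
from urllib.parse import urlsplit, urlunsplit
import urllib.request

PERMISSION_FILE = "/skipfish.txt"  # file name proposed in the post
MAX_AGE = timedelta(days=7)        # assumption: what "dated currently" means
SAMPLE = "contact: admin@example.test\ndate: 2024-05-10\n"  # constructed sample

def permission_url(target):
    """Always look at the site root of the target's own scheme and host."""
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("target must be an http(s) URL")
    return urlunsplit((parts.scheme, parts.netloc, PERMISSION_FILE, "", ""))

def parse_date(body):
    """Return the date from a 'date: YYYY-MM-DD' line (assumed format), else None."""
    for line in body.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "date":
            try:
                return date.fromisoformat(value.strip())
            except ValueError:
                return None
    return None

def is_authorized(body, today):
    """True only if the file carries a date that is neither stale nor in the future."""
    if body is None:
        return False
    stamped = parse_date(body)
    if stamped is None:  # e.g. a soft-404 HTML page served with status 200
        return False
    return timedelta(0) <= today - stamped <= MAX_AGE

def fetch_permission(target, timeout=10):
    """Return the file's text, or None if missing or served from another host."""
    url = permission_url(target)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            if urlsplit(resp.geturl()).netloc != urlsplit(url).netloc:
                return None  # redirected elsewhere: no proof of control of this host
            return resp.read(4096).decode("utf-8", "replace")
    except OSError:
        return None

if __name__ == "__main__":
    print(permission_url("https://example.test/app/login"))
    print(is_authorized(SAMPLE, date(2024, 5, 12)))
```

A scanner would call `is_authorized(fetch_permission(target), date.today())` before sending any test traffic and refuse to start when it returns False.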


One thought on “Security Scan by Skipfish – Why Not Require a Permission File?”

  1. If one were to connect the dots between the recent cyber attacks on Google and the release of Skipfish, and one had a weakness for “theories,” one might surmise that Google is trying to arm the masses to retaliate. Well, now that doesn’t make any sense at all, does it? No. Of course not. Google is all about the “don’t be evil,” right?

    Is Skipfish bait?
