SOFTWARE HOUSE Google has released a free and open source tool with the quirky name Skipfish to aid developers in building safe web applications.
The beta version of the software is available to download now, and it can check for security flaws including SQL injections and format string vulnerabilities. Google has touted it as high performance, easy to use and well-designed.
However, Google has made it very clear that the tool should not be used for evil, as all types of security testing can be disruptive. It said that the scanner was not meant to be used for malicious attacks, but that it could "accidentally interfere with the operations of a website".
Google has also given a rather worrying warning that users need to accept the risks of the scanner and plan for the consequences if things go wrong.
It said, "Also note that the tool is meant to be used by security professionals, and is experimental in nature."
"It may return false positives or miss obvious security problems - and even when it operates perfectly, it is simply not meant to be a point-and-click application. Do not rely on its output at face value."
Google would have you believe that it is releasing the tool to make sure that it helps the "safety of the Internet", but the less altruistic truth is that a cleaner and faster web means more profit, for Google of course. µ