free scans from Google...

[kowsik at gmail.com (kowsik)]

Unlike other services from Google, you have the source so you can see
if it calls home. BTW, Michal has done some great work in the past
(TCP strange attractors being one of my favorite ones). The
phase-space approach for sequence numbers is now used quite a bit in a
number of web-app scanners for entropy analysis of cookies and
session-ids, amongst other things.

K.
---
http://www.pcapr.net
http://labs.mudynamics.com
http://twitter.com/pcapr

On Fri, Mar 19, 2010 at 1:39 PM, Benjamin Tomhave
<tomhave at secureconsulting.net> wrote:
> I guess we can all retire now, eh? I find it so exciting that the app is
> "written in pure C"... and coming from Google, I'm sure it won't leak
> info back to the mothership at all...
>
> "Meet skipfish, our automated web security scanner"
> http://googleonlinesecurity.blogspot.com/2010/03/meet-skipfish-our-automated-web.html
>
> --
> Benjamin Tomhave, MS, CISSP
> tomhave at secureconsulting.net
> Blog: http://www.secureconsulting.net/
> Twitter: http://twitter.com/falconsview
> LI: http://www.linkedin.com/in/btomhave
>
> [ Random Quote: ]
> "Do you think that when they asked George Washington for ID that he just
> whipped out a quarter?"
> Steven Wright
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L at securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> _______________________________________________