Google has released a new open-source security scanner named “Skipfish” that detects code that is vulnerable to cross-site scripting, SQL and XML injection, and other types of attacks. Developers already have several open-source tools that allow them to test Web apps for security flaws, but Skipfish is said to be much faster. According to Google, the new tool can easily process 2,000 HTTP requests per second.
Google says that it uses Skipfish to test its own apps, but it also points out that while the tool is helpful, developers should perform additional security checks to make sure their code is secure.