Just wrote a quick review and jotted down some insights to Google's new web application security scanner. Skipfish. Read the whole thing at the link or just check out the "skinny"  

    The Skinny:

    We like it. As Google says, its not an end-all-be-all for web application scanners, but it definitely has some great logic, features, and is blazing fast. Also if you have seen the dev track the developer Michal Zalewski has been quick to update for problems (1.01b fixes some crashing problems) and has some great upcoming features planned (pause/resume, VIEWSTATE testing, etc.) Although no scanner will ever replace a smart web app assessment engineer, Skipfish shows some great potential in the security space and… its free. It wont replace any of our manual processes but we will definitely use it when applicable. Thanks Google.

http://www.redspin.com/blog/2010/03/19/skipfish-google-enters-the-web-scanner-fray/

No problem Ketchup! Part of my job is "competitive analysis" and "research" so im always testing and reviewing new tech. A web scanner from Google was big news so we took the morning in the lab to test =) I love pentesting and writing about pentesting. Luckily its my job and my passion.


That plus i drink a lot of coffee and live on the twitter stream

Thanks for the write-up Jason, seems promising. Will try it out as soon as possible.

All,

I created a small video demonstration of setup and simple usage http://www.isolatedthreat.com/?page_id=192. This the first one of many I will hopefully get to do in areas such as exploit dev, malware reversing and security.