Posted by l33tdawg on Friday, July 20, 2007 - 12:02 AM Source: ZDNet (Australia)
Google is working on a security tool -- codenamed Lemon -- to detect vulnerabilities in its Web applications.
The tool -- the name of which Google says is derived from the term for a defective product -- works by fuzz testing, or fault injection, which brute-force tests an application by supplying random data inputs designed to trigger and expose flaws in Web applications. Lemon is a black box tester, which assumes no knowledge of the internal structure of an application or device.
According to Google security team member Srinath Anantharaju, Lemon has been developed to detect cross-site scripting (XSS) vulnerabilities, but Google is "in the process of adding new attack vectors to improve the tool against [other] known security problems".