|^|

I spent the weekend looking at a some code secuity review tools and found heaps of info about some of the legacy code I'd written and knew was a bit clunky. Now the other side of security testing is the public access of your service. First thing in my news feed this morning was Google's release of their interenal web app security testing tool SkiFish. I've downloaded and cant wait to start playing with it.

Yet another freebie Google is using to keep the crowd happy (and better off), Microsoft have their own seucrity baselines testing framework and comparing them would be apples and oranges at this stage - but using both (and more) should be a no brainer...

Check it out:

http://googleonlinesecurity.blogspot.com/2010/03/meet-skipfish-our-automated-web.html