Just wrote a quick review and jotted down some insights on Google's new web application security scanner, Skipfish. Read the whole thing at the link or just check out the "skinny" 😉
We like it. As Google says, it's not an end-all-be-all for web application scanners, but it definitely has some great logic and features, and is blazing fast. Also, if you have seen the dev track, the developer, Michal Zalewski, has been quick to update for problems (1.01b fixes some crashing problems) and has some great upcoming features planned (pause/resume, VIEWSTATE testing, etc.). Although no scanner will ever replace a smart web app assessment engineer, Skipfish shows some great potential in the security space and… it's free. It won't replace any of our manual processes, but we will definitely use it when applicable. Thanks, Google.