Security is by far the most important aspect that any webmaster should consider for long term website success. A lot of open source and commercial tools are available to scan your website for vulnerabilities. If you are looking for an efficient, powerful, fast and free tool, then you might need to give “Skipfish” a try.
Skipfish is a web application security scanner contributed, developed and maintained by the Google security engineering team headed by Michael Zalewski, a Google Inc. employee.
This tutorial is written primarily for beginners who are looking to expand their knowledge of website security, vulnerability detection and prevention using Skipfish.
System Requirements and Required Library Installation
This tutorial teaches you how to install and run Skipfish inside an Ubuntu local environment. With this, it is possible to scan both localhost and remote web server URL.
The methods and commands in this tutorial are tested using Ubuntu 10.04 LTS otherwise known as “Lucid Lynx”. Skipfish requires you to install some important libraries in advance before you can actually proceed to install Skipfish. This will ensure that you will not encounter serious installation issues. To do this, follow the steps below:
1.) Go to Administration ==> Update Manager and make sure you see the “Your System is up-to-date” message or else you need to update until all required and important updates of your system are installed.
2.) Install libidn11-dev package, go to Applications ==> Accessories ==> Terminal: