View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 19, 2014

Nobody expects the Google Inquisition!

Firm leaks details of new web app scanner, amid launch of testing environment for the tool.

By Jimmy Nicholls

Google is set to subject code to the comfy chair treatment after it revealed details of its in-house web application security scanner, codenamed Inquisition.

Built off the back of the web browser Chrome and Google Cloud Platform, the tool is designed for accessibility, with support for the latest HTML 5 and a low false positive rate.

Claudio Criscione, security engineer at Google, said: "Securing modern web applications can be a daunting task — doubly so if they are built (quickly) with diverse languages and technology stacks.

"That’s why we run a multi-faceted product security programme, which helps our engineers build and deploy secure software at every stage of the development lifecycle."

As part of the scheme Google has launched Firing Range, an open source testing environment for automated scanners, that comes with a wide range of cross-site scripting (XSS) bugs, among other vulnerabilities.

The Java app is available on the code repository Github, and can also be deployed as a Google App Engine application, with a public instance already running online.

"Our testbed doesn’t try to emulate a real application, nor exercise the crawling capabilities of a scanner," Criscione added.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

"It’s a collection of unique bug patterns drawn from vulnerabilities that we have seen in the wild, aimed at verifying the detection capabilities of security tools."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.