Don’t forget to leave your comments, opinions, or hate mail. All entries will be published (unless you use bad language, so keep it civil).

I was looking to install Skipfish, Google’s web security testing application, on my development server. My server runs CentOS (basically RedHat). There seem to be a bunch of instructions for Debian-based Linux installs, but not for RedHat versions.

Skipfish will allow me to test my various websites for security issues such as cross-site scripting, SQL injection, server config problems, and more in a development environment. The idea is to test sites (especially anything handling monetary transactions) before any large updates are implemented to a production/live system.

Obviously, the first step is download the latest version of Skipfish to the server you’re working on. As of today, the current version is 1.34b; as updates are made make sure you update the below statement.

Use the Yum automated software installer and ensure you have the appropriate dependencies.

Use make to compile the application and copy the default library to be used (per the Skipfish project’s suggestions).

Everything should be all set and ready to go. You can access Skipfish by running the skipfish command with various flags. See the Skipfish documentation for details or enter the below for a quick review.

Tags: Google, Linux, Web Security

Posted in Web Development
No Comments Yet Posted by Bryan Gruhlke