HZGN.COM
Google's Black Box Lemon
Published by: jack 2009-01-08

Google is serious about security, especially when the need for it hits close to home.

Because cross-site scripting (XSS) and other sorts of injection attacks are a particular threat to Google, the company's security team is developing a black box fuzzing tool called Lemon, which is intended to automatically find XSS problems in applications.

But don't expect to be able to use it anytime soon; Google is likely to keep a tight lid on this effort.

Fuzzing is also known as fault injection testing and is a widely used technique in security circles to try and break down applications and expose flaws.

"Our vulnerability testing tool enumerates a Web application's URLs and corresponding input parameters," Srinath Anantharaju, a developer on Google's security team, wrote in a blog post. "It then iteratively supplies fault strings designed to expose XSS and other vulnerabilities to each input, and analyzes the resulting responses for evidence of such vulnerabilities."
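The loop described in that quote (enumerate URLs and parameters, supply fault strings, analyze responses) is sketched below as an added example for testing your own application; it is not Lemon's code and not from Google. The `APP` table, its two handlers and the probe strings are constructed for illustration.

```python
import html
import secrets

# Constructed stand-in for a web application under test: each URL maps to
# the parameters it accepts and a handler that returns the response body.
def search_page(params):
    # Reflects the query without output encoding (the flaw to be found).
    return "<h1>Results for " + params.get("q", "") + "</h1>"

def profile_page(params):
    # Encodes user input before writing it into HTML.
    return "<p>Hello, " + html.escape(params.get("name", "")) + "</p>"

APP = {
    "/search": (["q", "page"], search_page),
    "/profile": (["name"], profile_page),
}

def fault_strings(marker):
    # Each probe carries a unique marker so a hit can be tied to one input.
    return [
        "<" + marker + ">",       # raw tag delimiters
        '"' + marker + "='",      # attribute-breaking quotes
    ]

def scan(app):
    """Return sorted (url, parameter) pairs whose fault string came back unencoded."""
    findings = set()
    for url, (param_names, handler) in app.items():   # enumerate URLs
        for name in param_names:                      # enumerate inputs
            marker = "zz" + secrets.token_hex(4)
            for probe in fault_strings(marker):       # supply fault strings
                # Benign defaults for the other parameters, probe in one.
                params = {p: "1" for p in param_names}
                params[name] = probe
                body = handler(params)
                # Analyze the response: the probe surviving byte-for-byte
                # means metacharacters reached the page unescaped.
                if probe in body:
                    findings.add((url, name))
    return sorted(findings)

if __name__ == "__main__":
    for url, name in scan(APP):
        print("unencoded reflection:", url, name)
```

Only the parameter that is written into the page without encoding is reported; the encoded one and the unreflected one produce no finding.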


Google Lemon, according to Anantharaju, will also discover other types of security issues, including cookie poisoning and response splitting attacks. Lemon is "homegrown" and is being actively developed by Google with new attack vectors.

Though Google looked at commercially available fuzzers on the market, Anantharaju said the company felt its specialized needs could be served best by developing its own. It's likely to stay that way, too.

"Lemon is highly customized for Google apps and we have no plans to market it externally in near future," Anantharaju said.

Google has seen a number of serious XSS flaws, including an AdWords flaw in December and a desktop flaw in February that were publicly disclosed and originally discovered by third parties.




    Copyright© 2008 hzgn.com All Rights Reserved