Google's Lemon squeezes out web app bugs

Google is developing an automated tool for finding common web application vulnerabilities. The tool, dubbed Lemon, is still in development by the ad-brokering giant's security researchers but is already been used internally. It's unclear whether or not Google will release the vulnerability testing tool more generally. Free …

This topic is closed for new posts.

Posted Wednesday 18th July 2007 17:07 GMT

Chris Miller

This will upset IBM

Having just shelled out $$$ for Watchfire, whose AppScan is one of the leading commercial tools for identifying web app bugs.

Posted Wednesday 18th July 2007 20:10 GMT

joi

Yes, lemon is an automated bug finder...

... and the MOAB is an automated bunker weakness probing tool.

Posted Thursday 19th July 2007 04:32 GMT

Anonymous Coward

Not immediately useful

Just because you find vulnerabilities does not

mean you can fix them it does mean you can

exploit them I write these damned web apps

and I don't need fuzzers to break most others

web apps but given a thorough

enough going over I assume it will break mine somewhere

in other words they need to keep this thing until

it reaches the point where it can also fix them dynamically

then release it as a site manager application that

way it might be of some use otherwise it just causes

you to move holes around like MS with IE they are

still doing that BTW.Please I have enough to do.

Posted Thursday 19th July 2007 04:32 GMT

b shubin

MOAB

that would be "a physical method or device that provides structural analysis and diagnostics for subsequent forensic examination, in a repeatable and consistent manner, using controlled energy application...specifically designed for testing reinforced or fortified structures".

i'm pretty sure that's what the original DARPA proposal claimed...

Posted Thursday 19th July 2007 22:14 GMT

Anonymous Coward