Google’s Lemon

Has anyone seen or heard much about Google’s Lemon?

Lemon is a black box tester, which assumes no knowledge of the internal structure of an application or device.

According to Google security team member Srinath Anantharaju, Lemon has been developed to detect cross-site scripting (XXS) vulnerabilties, but Google is “in the process of adding new attack vectors to improve the tool against [other] known security problems”.

Oh, and has anyone ever heard the term “fuzzers” before either?


  1. Cool – well, one question down.
    Seems like an interesting balance – may not find small problems but when it does, they could be major ones to fix (so says Wikipedia)

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>