Google’s Lemon

Has anyone seen or heard much about Google’s Lemon?

Lemon is a black-box testing tool, meaning it assumes no knowledge of the internal structure of the application or device under test.

According to Google security team member Srinath Anantharaju, Lemon has been developed to detect cross-site scripting (XSS) vulnerabilities, but Google is “in the process of adding new attack vectors to improve the tool against [other] known security problems”.

Oh, and has anyone ever heard the term “fuzzers” before either?


2 Responses to “Google’s Lemon”

  1. Brad

    Fuzzers are actually really common security tools and are used in the discovery of many, many vulnerabilities.

    http://en.wikipedia.org/wiki/Fuzz_testing

  2. enygma

    Cool – well, one question down.
    Seems like an interesting balance – may not find small problems but when it does, they could be major ones to fix (so says Wikipedia)

