Google’s Lemon

Has anyone seen or heard much about Google’s Lemon?

Lemon is a black box tester, which assumes no knowledge of the internal structure of an application or device.

According to Google security team member Srinath Anantharaju, Lemon has been developed to detect cross-site scripting (XXS) vulnerabilties, but Google is “in the process of adding new attack vectors to improve the tool against [other] known security problems”.

Oh, and has anyone ever heard the term “fuzzers” before either?

2 comments

Fuzzers are actually really common security tools and are used in the discovery of many, many vulnerabilities.

http://en.wikipedia.org/wiki/Fuzz_testing

LikeLike

Cool – well, one question down.
Seems like an interesting balance – may not find small problems but when it does, they could be major ones to fix (so says Wikipedia)

LikeLike

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Share this:

Like this:

Related

2 comments

Leave a Reply Cancel reply