Google’s Lemon

Has anyone seen or heard much about Google’s Lemon?

Lemon is a black box tester, which assumes no knowledge of the internal structure of an application or device.

According to Google security team member Srinath Anantharaju, Lemon has been developed to detect cross-site scripting (XXS) vulnerabilties, but Google is “in the process of adding new attack vectors to improve the tool against [other] known security problems”.

Oh, and has anyone ever heard the term “fuzzers” before either?



  1. Cool – well, one question down.
    Seems like an interesting balance – may not find small problems but when it does, they could be major ones to fix (so says Wikipedia)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s