Last week, Slashdot had a link (http://code.google.com/p/skipfish/) to a Google project named skipfish, so I decided to download it. Today, I'm finally getting a chance to try it out. To stay out of trouble, I'm running a scan against my own web server.
Once it has completed its scan, I'll have an interactive site map, as well as a report to help me assess vulnerabilities of my web server. As it completed, it almost brought my system to a halt. It ended up causing hundreds of httpd processes to spawn on my system. This caused almost every bit of RAM and swap to get used up, and almost every application that I was running to be shut down. I have never seen such a high load average on my system, as it was over 80 on just a dual core!
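As an added example (not part of the original post, and not skipfish's own code): the resource exhaustion described above is exactly what skipfish's throttling flags are there to prevent. The script below wraps a scan with the per-IP (-m), global (-g) and requests-per-second (-l) connection limits and an output directory (-o), then watches the 1-minute load average and kills the scan if it climbs past a multiple of the CPU count. The limit values, the output directory name and the target URL are assumptions; it expects skipfish on PATH and a Linux /proc/loadavg.

```shell
#!/bin/sh
# Added example: throttled skipfish run with a load-average watchdog.
# Assumes: skipfish on PATH, Linux /proc/loadavg, scanning a server you own.

# Number of online CPUs, falling back to 1 if neither tool exists.
ncpus() {
    n=$(nproc 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null)
    echo "${n:-1}"
}

# load_state LOADAVG_LINE CORES FACTOR
# Prints "abort" when the 1-minute load (first field of a /proc/loadavg
# line) exceeds CORES * FACTOR, otherwise "ok". awk handles the decimals.
load_state() {
    if awk -v line="$1" -v cores="$2" -v factor="$3" \
        'BEGIN { split(line, f, " "); exit !(f[1] + 0 > cores * factor) }'; then
        echo abort
    else
        echo ok
    fi
}

# skipfish_cmd TARGET OUTDIR PER_IP GLOBAL RPS
# Builds the throttled command line: -m connections per target IP,
# -g connections overall, -l requests per second, -o report directory.
skipfish_cmd() {
    printf 'skipfish -m %s -g %s -l %s -o %s %s\n' "$3" "$4" "$5" "$2" "$1"
}

# Only start a scan when a target is given on the command line.
if [ $# -ge 1 ]; then
    target=$1
    outdir=${2:-skipfish-out}     # assumed output directory name
    cores=$(ncpus)
    per_ip=2; global=4; rps=20    # assumed limits, far below skipfish defaults
    factor=2                      # abort above 2x load per core (assumption)

    # The command string is built from our own arguments, so eval is safe here.
    eval "$(skipfish_cmd "$target" "$outdir" "$per_ip" "$global" "$rps")" &
    pid=$!

    # Poll the load average while the scan runs; kill it if the box is drowning.
    while kill -0 "$pid" 2>/dev/null; do
        if [ "$(load_state "$(cat /proc/loadavg)" "$cores" "$factor")" = abort ]; then
            echo "load average too high, stopping skipfish (pid $pid)" >&2
            kill "$pid"
            break
        fi
        sleep 5
    done
    wait "$pid" || true
fi
```

The flags slow the crawler down; the watchdog is the backstop for the case the post describes, where the server side, not the scanner, is what falls over. The other knob is on Apache itself: in a prefork build, MaxClients (MaxRequestWorkers in 2.4) caps how many httpd children can exist, so a scanner cannot push the server into swap no matter how many connections it opens.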
In reading through the skipfish documentation, I came across some interesting links. First, http://code.google.com/p/browsersec/wiki/Part1, which is a document about web browser security. Second, this link to the Open Web Application Security Project (OWASP): http://www.owasp.org/index.php.
What is in a URI?