Penetration Testing mailing list archives
Re: PHP security analysis
From: Kish Pent <kish_pent () yahoo com>
Date: Fri, 9 May 2008 00:56:41 -0700 (PDT)
Hi Umut,

I would advise you to build secure code from scratch. In other words, make your code secure by following secure coding practices in your SDLC. In case you only want the tool and not the "solution" to the root cause of the problem, then you can probably try using SWAAT from Security Compass.

Note: SWAAT only "assists" in code review, it doesn't "exactly" do code review for you.

Cheers,
Kish

--- Serg B <sergeslists () gmail com> wrote:

> You may want to look into Fortify $ource Code Analyzer v5.x - supports PHP
>
> Not cheap, don't know of any free code scanners
>
> On Fri, May 9, 2008 at 5:35 AM, Umut Arus <umuta () sabanciuniv edu> wrote:
>
>> Hi,
>>
>> I'm looking for the best web application analysis which is the tool especially PHP. I want to analyse the written PHP codes for security holes. It is not important the way of scanning. It may be a command tool or URL scanning. It should be a free or one time tool.
>>
>> Which tool gives the most detailed information?
>>
>> Regards,
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
--
Kishore Parthasarathy, Penetration Tester, Smart Security,
17/1, Upstairs, Sarojini St, T.Nagar, Chennai - 600 017
Phone: 91 98841 80767
--
Trust everyone just don't trust the devil inside 'em --- Italian Job, 2003
Current thread:
- PHP security analysis Umut Arus (May 08)
- Re: PHP security analysis Serg B (May 08)
- Re: PHP security analysis Kish Pent (May 09)
- Re: PHP security analysis Nikhil Wagholikar (May 09)
- Re: PHP security analysis Serg B (May 08)