Penetration Testing mailing list archives

Re: PHP security analysis


From: Kish Pent <kish_pent () yahoo com>
Date: Fri, 9 May 2008 00:56:41 -0700 (PDT)

Hi Umut,

I would advise you to build secure code from scratch.
In other words, make your code secure by following
secure coding practices in your SDLC.

In case you only want the tool and not the "solution"
to the root cause of the problem then you can probably
try using SWAAT from Security Compass.

Note: SWAAT only "assists" in code review, it doesn't
"exactly" do code review for you.

Cheers,
Kish



--- Serg B <sergeslists () gmail com> wrote:

You may want to look into Fortify $ource Code
Analyzer v5.x - supports PHP

Not cheap, don't know of any free code scanners

On Fri, May 9, 2008 at 5:35 AM, Umut Arus
<umuta () sabanciuniv edu> wrote:
Hi,

I'm looking for the best web application analysis
which is the tool
especially PHP. I want to analyse the written PHP
codes for security holes.
It is not important the way of scanning. It may be
a command tool or URL
scanning. It should be a free or one time tool.

Which tool gives the most detailed information?

Regards,



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution
FREE today!

http://www.cenzic.com/downloads


------------------------------------------------------------------------








--
Kishore Parthasarathy, 
Penetration Tester, Smart Security,
17/1,Upstairs, Sarojini St,T.Nagar, 
Chennai - 600 017

Phone: 91 98841 80767

--
Trust everyone just don't trust the devil inside 'em
                                          --- Italian Job, 2003

