Penetration Testing mailing list archives

RE: tools to scan source code


From: "Ric Messier" <kilroy () WasHere COM>
Date: Mon, 11 Sep 2006 09:36:38 -0600



Wahyu Wijaya H. writes:


I got involved in some web application development using PHP and MySQL.
I got responsibility to check for vulnerabilities that may exist.
Is there any tool that can help me? I mean any tool that could scan the
entire source code to find any vulnerability, because auditing all
source code seems overwhelming to me :-) plus I am not fluent in the
PHP language.


PHP is fairly C-like. If you know C, it's pretty easy to read PHP. However,
try RATS. http://www.securesoftware.com/download_rats.htm

There is another tool (free) I've run across recently but the name is
escaping me at the moment.

Ric


