Penetration Testing mailing list archives
Re: tools to scan source code
From: Joachim Schipper <j.schipper () math uu nl>
Date: Mon, 11 Sep 2006 22:46:43 +0200
On Mon, Sep 11, 2006 at 04:30:56PM +0700, Wahyu Wijaya H. wrote:
> Hi all, I got involved in some web application development using PHP and MySQL. I got responsibility to check for vulnerabilities that may exist. Is there any tool that can help me? I mean any tool that could scan the entire source code to find any vulnerability, because auditing all source code seems overwhelming to me :-) plus I am not fluent in the PHP language.
This is not what you are looking for, but there definitely *are* tools to check for common mistakes (SQL injection, XSS, &c). Something like Nikto may or may not be a good starting point; it's not something I'm too interested in, myself, but it might catch some mistakes.

Joachim