Penetration Testing mailing list archives

Re: tools to scan source code


From: Joachim Schipper <j.schipper () math uu nl>
Date: Mon, 11 Sep 2006 22:46:43 +0200

On Mon, Sep 11, 2006 at 04:30:56PM +0700, Wahyu Wijaya H. wrote:
> hi all,
>
> i got involved in some web application development using php and
> mysql. i got responsibility to check for vulnerability that may exist.
> is there any tool that can help me? i mean any tool that could scan
> the entire source code to find any vulnerability, because auditing all
> source code seems overwhelming to me :-) plus that i am not fluent in
> php language.

This is not what you are looking for, but there definitely *are* tools
to check for common mistakes (SQL injection, XSS, &c). Something like
Nikto may or may not be a good starting point; it's not something I'm
too interested in, myself, but it might catch some mistakes.

                Joachim
