Penetration Testing mailing list archives
Re: tools to scan source code
From: Stefano Zanero <zanero () elet polimi it>
Date: Tue, 12 Sep 2006 14:53:05 +0200
Ric Messier wrote:
> PHP is fairly C-like. If you know C, it's pretty easy to read PHP. However, try RATS.
> http://www.securesoftware.com/download_rats.htm
Are you suggesting that RATS (a source code scanner for C) would be able to detect security vulnerabilities in PHP? That's a challenging proposition :)

As far as I know, very little exists in the area of "source code auditing" for web applications. Developing one is not easy (it's one of our research tasks at the moment).
From what I've seen, the SWAAT tool mentioned elsewhere is little more than what you can obtain through grep...

Best,
Stefano
Current thread:
- tools to scan source code Wahyu Wijaya H. (Sep 11)
- RE: tools to scan source code Ric Messier (Sep 11)
- Re: tools to scan source code Stefano Zanero (Sep 12)
- Re: tools to scan source code Kish Pent (Sep 13)
- Re: tools to scan source code Stefano Zanero (Sep 13)
- Re: tools to scan source code Ben Hall (Sep 13)
- Re: tools to scan source code Dan Catalin Vasile (Sep 13)
- RE: tools to scan source code Benjamin Livshits (Sep 13)
- Re: tools to scan source code Kish Pent (Sep 16)
- Re: tools to scan source code Stefano Zanero (Sep 12)
- Re: tools to scan source code Wahyu Wijaya H. (Sep 13)
- Re: tools to scan source code Barrie Dempster (Sep 14)
- RE: tools to scan source code Benjamin Livshits (Sep 15)
- RE: tools to scan source code Ric Messier (Sep 11)