Penetration Testing mailing list archives
Re: PHP security analysis
From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Fri, 9 May 2008 23:31:58 +0530
Hi Umut Arus, There are many tools out in market for security analysis of PHP codes. Some of them are mentioned below: 1. PHP Security Scanner: Desc: PHP Security Scanner is a tool written in PHP intended to search PHP code for vulnarabilities. MySQL DB stores patterns to search for as well as the results from the search. The tool can scan any directory on the file system. License: GPL More Information: http://securityscanner.lostfiles.de/ 2. Pixy Desc: Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed at the detection of XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability. License: Open Source (not sure!!) More Information: http://pixybox.seclab.tuwien.ac.at/pixy/documentation.php 3. PHP-Stat Desc: PHP-Sat is a Static Analysis Tool which can perform several static checks on PHP source code. Each check is described by a bug-pattern which explains why the pattern is recognized and what one can do to fix it. There are checks for correctness, style and security. License: LGPL (GNU Lesser General Public License) More Information: http://www.program-transformation.org/PHP/PhpSat 4. PHP String Analyzer Desc: PHP string analyzer is a static program analyzer that approximates the string output of a PHP program with a context-free grammar. The analyzer can be used to check properties of a PHP program. For example, it can be used to validate dynamically generated Web pages by a PHP program. License: Open Source (not sure!!) More Information: http://www.score.is.tsukuba.ac.jp/~minamide/phpsa/ ---- Nikhil Wagholikar Practice Lead | Security Assessment Team NII Consulting Web: http://www.niiconsulting.com/ Security Products: http://www.niiconsulting.com/products.html On Fri, May 9, 2008 at 1:05 AM, Umut Arus <umuta () sabanciuniv edu> wrote:
Hi, I'm looking for the best web application analysis which is the tool especially PHP. I want to analyse the written PHP codes for security holes. It is not important the way of scanning. It may be a command tool or URL scanning. It should be a free or one time tool. Which tool gives the most detailed information? Regards, ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- PHP security analysis Umut Arus (May 08)
- Re: PHP security analysis Serg B (May 08)
- Re: PHP security analysis Kish Pent (May 09)
- Re: PHP security analysis Nikhil Wagholikar (May 09)
- Re: PHP security analysis Serg B (May 08)