Secure Coding mailing list archives

statical analysis tools: language supports...


From: seba at deleersnyder.eu (Sebastien Deleersnyder)
Date: Wed, 21 Mar 2007 19:41:02 +0100

Hi,

Correction: Paros Proxy is owned and copyrighted by Chinotec Technologies
Co.
OWASP provides another useful tool: WebScarab
(http://www.owasp.org/index.php/OWASP_WebScarab_Project)

If you look for PHP security resources,
http://www.owasp.org/index.php/Category:OWASP_PHP_Project can also be of
help.

Regards,

Sebastien

Belgium OWASP Chapter Leader

  _____  

From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org]
On Behalf Of J. M. Seitz
Sent: Wednesday 21 March 2007 17:03
To: 'Indrek Saar'; 'Secure Coding'
Subject: Re: [SC-L] statical analysis tools: language supports...

RATS will do PHP as well; there is a plugin for Eclipse that will do static
analysis on PHP code which is called Pixy. The next step would be to
investigate some of the tools from SPI Dynamics, a few of them are black-box
but if you combine some black-box testing with some static analysis, add
some fuzzing with Paros Proxy or JBroFuzz (both from OWASP) you should see
some success.

The other thing to consider are some of the settings in the .ini file,
configuration in PHP speaks volumes about security, kill register_globals,
check the magic_quotes value, etc. Be aware that calls to include() have to
be 100% correctly sanitized or you are asking for local|remote file
includes, etc. ad nauseam. Anyways, hopefully this points you in the right
direction.

JS

  _____  

From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org]
On Behalf Of Indrek Saar
Sent: Wednesday, March 21, 2007 4:49 AM
To: Secure Coding
Subject: [SC-L] statical analysis tools: language supports...

Hi guys,

I have a question about source-code statical analysis tools that are available
on the market now.
Are there tools that support C/C++, Java, PHP, Flash (actionscript) all in
one?
Most of the tools support C/C++ and Java, but I have not found any that can
also handle PHP. 

Do you know some? Or have some information that some tool provider has a plan
for supporting PHP. And Flash.


Indrek Saar.
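
The php.ini and include() checks suggested in J. M. Seitz's reply above, sketched as a small review script. This is an added example, not part of the thread and not taken from RATS, Pixy or any other tool it names; the function names, the mapping of "magic_quotes" to the `magic_quotes_gpc` directive, and the sample inputs are assumptions made for illustration.

```python
import re

# Directives named in the reply; "magic_quotes" is mapped to magic_quotes_gpc
# here (an assumption of this example).
WATCHED = ("register_globals", "magic_quotes_gpc")
TRUTHY = {"1", "on", "true", "yes"}

# include/require (and *_once) with the argument captured up to the ';'
INCLUDE_RE = re.compile(
    r"(?<!\$)\b(include|require)(_once)?\b\s*\(?\s*([^;]*?)\s*\)?\s*;", re.I)
# Argument that is one quoted string with no "$var" interpolation
LITERAL_RE = re.compile(r"""^(?:'[^']*'|"[^"$]*")$""")

def audit_ini(text):
    """Map each watched directive found in php.ini text to True (on) / False."""
    state = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a php.ini comment
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in WATCHED:
            state[key.lower()] = value.strip('"').lower() in TRUTHY
    return state

def audit_includes(source):
    """List (line_no, argument) for include/require calls needing review."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*")):   # skip comment lines
            continue
        for match in INCLUDE_RE.finditer(line):
            if not LITERAL_RE.match(match.group(3)):     # built from data
                findings.append((no, match.group(3)))
    return findings

# Constructed sample inputs, not taken from any real application
SAMPLE_INI = "; constructed fragment\nregister_globals = On\nmagic_quotes_gpc = Off\n"
SAMPLE_PHP = """<?php
include 'header.php';
// include($old);
include($_GET['page'] . '.php');
require_once("lib/db.php");
"""

if __name__ == "__main__":
    print(audit_ini(SAMPLE_INI))
    print(audit_includes(SAMPLE_PHP))
```

A finding from `audit_includes` means the argument is not a plain string literal and needs a human to confirm it is constrained (for example by an allowlist of page names); it is a review prompt, not proof of a file-include flaw.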
