Pixy - An Open-Source Vulnerability Scanner for PHP Applications

[pixy-noreply () seclab tuwien ac at]

The Secure Systems Lab at the Technical University of Vienna has released the newest version of Pixy, an open-source 
vulnerability scanner. Here are some of the highlights:

- detection of SQL injection and XSS vulnerabilities in PHP source code

- automatic resolution of file inclusions

- computation of dependence graphs that help you understand the causes of reported vulnerabilities

- static analysis engine (flow-sensitive, interprocedural, context-sensitive)

- platform-independent (written in Java)

Pixy can be downloaded for free from http://pixybox.seclab.tuwien.ac.at/. There, you can also find a web interface that 
allows you to test Pixy online. Enjoy!

We would be happy to receive feedback, comments, and other contributions! Please send your suggestions to "pixy-tool at 
seclab" (domain see below).

Nenad Jovanovic
Secure Systems Lab
Technical University of Vienna
http://www.seclab.tuwien.ac.at/

-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online 
despite security executives' efforts to prevent malicious attacks. This 
whitepaper identifies the most common methods of attacks that we have seen, 
and outlines a guideline for developing secure web applications. 
Download today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008rSe
--------------------------------------------------------------------------