There are many tools out in market for security analysis of PHP codes.
Some of them are mentioned below:
1. PHP Security Scanner:
Desc: PHP Security Scanner is a tool written in PHP intended to search PHP code for vulnarabilities. MySQL DB stores patterns to search for as well as the results from the search. The tool can scan any directory on the file system.
License: GPL
More Information: http://securityscanner.lostfiles.de/
2. Pixy
Desc: Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed at the detection of XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability.
License: Open Source (not sure!!)
More Information: http://pixybox.seclab.tuwien.ac.at/pixy/documentation.php
3. PHP-Stat
Desc: PHP-Sat is a Static Analysis Tool which can perform several static checks on PHP source code. Each check is described by a bug-pattern which explains why the pattern is recognized and what one can do to fix it. There are checks for correctness, style and security.
License: LGPL (GNU Lesser General Public License)
More Information: http://www.program-transformation.org/PHP/PhpSat
4. PHP String Analyzer
Desc: PHP string analyzer is a static program analyzer that approximates the string output of a PHP program with a context-free grammar. The analyzer can be used to check properties of a PHP program. For example, it can be used to validate dynamically generated Web pages by a PHP program.
License: Open Source (not sure!!)
More Information: http://www.score.is.tsukuba.ac.jp/~minamide/phpsa/
----
Nikhil Wagholikar
Practice Lead | Security Assessment Team NII Consulting
Web: http://www.niiconsulting.com/
Security Products: http://www.niiconsulting.com/products.html
留言列表
