scanning PHP for security vulnerabilities
Posted: Wed May 28, 2003 5:50 pm
I'm a C++ programmer by trade but am currently having to take part in a PHP-based project at work. The software design by specification has to be highly security sensitive and so I have been delving into the world of secure PHP programming techniques.
I'm used to using code auditing tools to check for possible exploits and vulnerabilities and to identify areas of concern in C++ source code (ITS4, FlawFinder, etc.), and so have been using one designed for PHP (RatScan) which can be found here:
http://www.beetlesoft.com/downloads/rat ... an_1.2.exe
It has helped me a lot but I'm using it as a crutch. Can anyone point me in the direction of any guides to secure programming with PHP, or could possibly explain some of the major fundamentals?
Casius.