Static analysis for security in PHP?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Peter Dawson
Forum Newbie
Posts: 1
Joined: Tue May 10, 2016 4:53 am

Static analysis for security in PHP?

Post by Peter Dawson »

Do you use any static analysis tool for finding security flaws on PHP applications?
User avatar
Christopher
Site Administrator
Posts: 13592
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Static analysis for security in PHP?

Post by Christopher »

No, and probably only larger PHP developers or larger companies that use PHP would. I thinks some frameworks do. And I know that the PHP7 source has been analyzed.
(#10850)
Topanga
Forum Newbie
Posts: 1
Joined: Mon May 23, 2016 8:26 am

Re: Static analysis for security in PHP?

Post by Topanga »

Do you know Kiuwan? I use to analyze my apps with it and it gives a lot of metrics and it has specific rules for PHP. Check out:
https://www.kiuwan.com/php-software-analytics/
Post Reply