PHP Source code scanning tools?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Chip Dawson
Forum Newbie
Posts: 1
Joined: Sun Oct 05, 2008 7:44 pm

PHP Source code scanning tools?

Post by Chip Dawson »

What are three PHP source code tools available for web scans, vulnerability checks, and reporting?
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria

Re: PHP Source code scanning tools?

Post by jmut »

I am not aware of any scanners really. I did one, http://securityscanner.lostfiles.de/, but it was really my first own project in PHP and it lacks quite a bit, if useful at all at the moment.
This is perhaps good to check: http://phpsec.org/projects/phpsecinfo/index.html. It is a security check for the environment you work in.
Sindarin
Forum Regular
Posts: 521
Joined: Tue Sep 25, 2007 8:36 am
Location: Greece

Re: PHP Source code scanning tools?

Post by Sindarin »

My advice: DON'T use those vulnerability scanners. Some of them offer their services for "free".
They will then list your site and check it often for vulnerabilities without you knowing about it.
If they find a point they can exploit, they will do it by e.g. spamming your contact form and also leave a link that you should buy their vulnerability scanner so nothing like that can happen again. They will keep doing that until you buy it or change your scripts. :?