PHP Source code scanning tools?
Moderator: General Moderators
-
Chip Dawson
- Forum Newbie
- Posts: 1
- Joined: Sun Oct 05, 2008 7:44 pm
PHP Source code scanning tools?
What are three PHP source code tools available for web scans, vulnerability checks, and reporting?
Re: PHP Source code scanning tools?
I am not aware of any scanners really. I did one http://securityscanner.lostfiles.de/ but it was really my first own project in php and it lacks quite a bit if useful at all at the moment.
This perhaps is good to check http://phpsec.org/projects/phpsecinfo/index.html It is security check for the environment you work in.
This perhaps is good to check http://phpsec.org/projects/phpsecinfo/index.html It is security check for the environment you work in.
Re: PHP Source code scanning tools?
My advice, DON'T use those vulnerability scanners. Some of them offer for "free" their services.
They will list your site then and check often for vulnerabilities without you knowing about it.
If they find a point they can exploit, they will do it by e.g. spamming your contact form and also leave a link that you should buy their vulnerability scanner so nothing like that can happen again. They will keep doing that until you buy it or change your scripts.
They will list your site then and check often for vulnerabilities without you knowing about it.
If they find a point they can exploit, they will do it by e.g. spamming your contact form and also leave a link that you should buy their vulnerability scanner so nothing like that can happen again. They will keep doing that until you buy it or change your scripts.