PHP Source code scanning tools?

Posted: Sun Oct 05, 2008 7:53 pm
by Chip Dawson
What are three PHP source code tools available for web scans, vulnerability checks, and reporting?

Re: PHP Source code scanning tools?

Posted: Mon Oct 06, 2008 3:01 am
by jmut
I am not aware of any scanners really. I did one, http://securityscanner.lostfiles.de/, but it was really my first own project in PHP and it lacks quite a bit, if it is useful at all at the moment.
This is perhaps good to check: http://phpsec.org/projects/phpsecinfo/index.html. It is a security check for the environment you work in.

Re: PHP Source code scanning tools?

Posted: Thu Nov 06, 2008 5:06 am
by Sindarin
My advice: DON'T use those vulnerability scanners. Some of them offer their services for "free".
They will then list your site and check often for vulnerabilities without you knowing about it.
If they find a point they can exploit, they will do it, e.g. by spamming your contact form, and also leave a link saying that you should buy their vulnerability scanner so nothing like that can happen again. They will keep doing that until you buy it or change your scripts. :?