Home page logo

pen-test logo Penetration Testing mailing list archives

Re: tools to scan source code
From: Joachim Schipper <j.schipper () math uu nl>
Date: Mon, 11 Sep 2006 22:46:43 +0200

On Mon, Sep 11, 2006 at 04:30:56PM +0700, Wahyu Wijaya H. wrote:
hi all,

i got involved in some web application development using php and
mysql. i got responsibility to check for vulnerability that may exist.
is there any tool that can help me? i mean any tool that could scan
the entire source code to find any vulnerability, because auditing all
source code seems overwhelming to me :-) plus that i am no fluent in
php language.

This is not what you are looking for, but there definitely *are* tools
to check for common mistakes (SQL injection, XSS, &c). Something like
Nikto may or may not be a good starting point; it's not something I'm
too interested in, myself, but it might catch some mistakes.


This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]