Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: tools to scan source code
From: Stefano Zanero <zanero () elet polimi it>
Date: Tue, 12 Sep 2006 14:53:05 +0200

Ric Messier wrote:

PHP is fairly C-like. If you know C, it's pretty easy to read PHP. However,
try RATS. http://www.securesoftware.com/download_rats.htm

Are you suggesting that RATS (a source code scanner for C) would be able
to detect security vulnerabilities in PHP ?

That's a challenging proposition :)

As far as I know, very little exist in the area of "source code
auditing" for web application. Developing one is not easy (it's one of
our research tasks at the moment)

From what I've seen, the SWAAT tool mentioned elsewhere is little more
than what you can obtain through grep...

Best,
Stefano

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]