Penetration Testing: Re: PHP security analysis

Re: PHP security analysis

From: Kish Pent <kish_pent_at_yahoo.com>
Date: Fri, 9 May 2008 00:56:41 -0700 (PDT)

Hi Umut,

I would advise you to build secure code from scratch.
In other words, make your code secure by following
secure coding practices in your SDLC.

In case you only want the tool and not the "solution"
to the root cause of the problem then you can probably
try using SWAAT from Security Compass.

Note: SWAAT only "assists" in code review, it doesn't
"exactly" do code review for you.

Cheers,
Kish

--- Serg B <sergeslists_at_gmail.com> wrote:

> You may want to look into Fortify $ource Code
> Analyzer v5.x - supports PHP
>
> Not cheap, don't know of any free code scanners
>
> On Fri, May 9, 2008 at 5:35 AM, Umut Arus
> <umuta_at_sabanciuniv.edu> wrote:
> > Hi,
> >
> > I'm looking for the best web application analysis which is the tool
> > especially PHP. I want to analyse the written PHP codes for security holes.
> > It is not important the way of scanning. It may be a command tool or URL
> > scanning. It should be a free or one time tool.
> >
> > Which tool gives the most detailed information?
> >
> > Regards,

--
Kishore Parthasarathy, 
Penetration Tester, Smart Security,
17/1,Upstairs, Sarojini St,T.Nagar, 
Chennai - 600 017
Phone: 91 98841 80767
--
Trust everyone just don't trust the devil inside 'em
                                          --- Italian Job, 2003
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
Received on May 09 2008