Re: PHP security analysis

---

• From: Kish Pent <kish_pent@xxxxxxxxx>
• Date: Fri, 9 May 2008 00:56:41 -0700 (PDT)

---

Hi Umut,

I would advise you to build secure code from scratch.
In other words, make your code secure by following
secure coding practises in your SDLC.

Incase you only want the tool and not the "solution"
to the root cause of the problem then you can probably
try using SWAAT from Security Compass.

Note: SWAAT only "assists" in code review, it doesn't
"exactly" do code review for you.

Cheers,
Kish



--- Serg B <sergeslists@xxxxxxxxx> wrote:

You may want to look into Fortify $ource Code
Analyzer v5.x - supports PHP

Not cheap, don't know of any free code scanners

On Fri, May 9, 2008 at 5:35 AM, Umut Arus
<umuta@xxxxxxxxxxxxxxx> wrote:

Hi,

I'm looking for the best web application analysis

which is the tool

especially PHP. I want to analyse the written PHP

codes for security holes.

It is not important the way of scanning. It may be

a command tool or URL

scanning. It should be a free or one time tool.

Which tool gives the most detailed information?

Regards,

------------------------------------------------------------------------

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution

FREE today!

http://www.cenzic.com/downloads

------------------------------------------------------------------------

------------------------------------------------------------------------

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE
today!

http://www.cenzic.com/downloads

------------------------------------------------------------------------

--
Kishore Parthasarathy,
Penetration Tester, Smart Security,
17/1,Upstairs, Sarojini St,T.Nagar,
Chennai - 600 017

Phone: 91 98841 80767

--
Trust everyone just don't trust the devil inside 'em
--- Italian Job, 2003


____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

---

• References:
  • Re: PHP security analysis
    • From: Serg B

• Prev by Date: RE: Dumping Data From Printers
• Next by Date: Re: PHP security analysis
• Previous by thread: Re: PHP security analysis
• Next by thread: Re: PHP security analysis
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Non Disclosure Agreement Template. ... Need to secure your web apps NOW? ... Cenzic finds more, "real" vulnerabilities fast. ... buy it or download a solution FREE today! ... (Pen-Test) Re: Cain & Able man in the middle attack ... Need to secure your web apps NOW? ... Cenzic finds more, "real" vulnerabilities fast. ... buy it or download a solution FREE today! ... (Pen-Test) Re: Lab OS Choices ... Need to secure your web apps NOW? ... Cenzic finds more, "real" vulnerabilities fast. ... buy it or download a solution FREE today! ... (Pen-Test) RE: Need Check list for Testing HSIA... ... I have been told this is very commonly overlooked at hotels. ... Need to secure your web apps NOW? ... buy it or download a solution FREE today! ... (Pen-Test) RE: Tool or Scirpt for DHCP Pool Exhaust Attack ... Saudi Paramount Computer Systems, ... Need to secure your web apps NOW? ... buy it or download a solution FREE today! ... (Pen-Test)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > pen-test  > 2008-05