Spike PHP security audit tool 0.23 beta available

New Tool that intends to analyze PHP files for security holes.

Change Log:

- Modified to be PHP 4 friendly.

  • Added a few functions to the knowledge-base: extract, shell_exec, pcntl_exec, exec.
  • Slightly improved the organization of the knowledge-base file (vuln_db.xml).

Known issues:

  • [Unverified], _getAllPhpFiles function may miss a few.
  • Tokenizer needs to be able to differentiate between a native function
    call and class method call of the same name, i.e. mail() and $class->mail().

Post scriptum

Compliance Mandates

  • Code Auditing :

    PCI/DSS 6.3.6, 6.3.7, 6.6, SOX A12.8, GLBA 16CFR Part 314.4(b) and (2);FISMA RA-5, SC-18, SA-11 SI-2, and ISO 27001/27002 (12.4.1, 12.4.3, 12.5)


Related Articles

Code Auditing
Spike PHP Security tool