Spike PHP security audit tool 0.23 beta available
Tuesday 6 February 2007
A new tool intended to analyze PHP files for security holes.

Change Log:
- Modified to be PHP 4 friendly.
- Added a few functions to the knowledge-base: extract, shell_exec, pcntl_exec, exec.
- Slightly improved the organization of the knowledge-base file (vuln_db.xml).

Known issues:
- [Unverified] The _getAllPhpFiles function may miss a few files.
- Tokenizer needs to be able to differentiate between a native function call and a class method call of the same name, e.g. mail() and $class->mail().
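
The tokenizer issue above can be handled by looking at the token directly before the function name. The following is an added example, not Spike's own code: the function name findNativeCalls, the watch list (the functions named in the change log plus mail) and the sample source are all assumptions made for illustration, and it needs PHP 7.4 or later.

```php
<?php
// Added example, not part of Spike. Watch list: the functions named in the
// change log plus mail(); names are compared case-insensitively.
const WATCHED = ['extract', 'shell_exec', 'pcntl_exec', 'exec', 'mail'];

// Returns the calls to watched native functions found in $source,
// skipping method calls and method declarations that share the name.
function findNativeCalls(string $source, array $watch = WATCHED): array
{
    // Drop whitespace and comments so "previous" and "next" are real neighbours.
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter(
        token_get_all($source),
        fn($t) => !is_array($t) || !in_array($t[0], $skip, true)
    ));

    // A name directly after one of these is a method, a declaration or a class.
    $notNative = [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION, T_NEW];
    if (defined('T_NULLSAFE_OBJECT_OPERATOR')) {   // ?-> exists from PHP 8.0
        $notNative[] = T_NULLSAFE_OBJECT_OPERATOR;
    }

    $hits = [];
    foreach ($tokens as $i => $tok) {
        // Only unqualified names are considered (no namespace prefix).
        if (!is_array($tok) || $tok[0] !== T_STRING) continue;
        $name = strtolower($tok[1]);
        if (!in_array($name, $watch, true)) continue;
        if (($tokens[$i + 1] ?? null) !== '(') continue;   // not a call
        $prev = $tokens[$i - 1] ?? null;
        if (is_array($prev) && in_array($prev[0], $notNative, true)) continue;
        $hits[] = ['function' => $name, 'line' => $tok[2]];
    }
    return $hits;
}

// Constructed sample: only the bare mail() and exec() calls should be reported.
$sample = <<<'PHP'
<?php
mail($to, $subject, $body);
$mailer->mail($to);
Mailer::exec($cmd);
class M { function mail() {} }
exec($_GET['c']);
PHP;

print_r(findNativeCalls($sample));
```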





