Spike PHP security audit tool 0.23 beta available

In: Code Auditing , Spike PHP Security tool

6 February 2007

New Tool that intends to analyze PHP files for security holes.

Change Log:

- Modified to be PHP 4 friendly.

Added a few functions to the knowledge-base: extract, shell_exec, pcntl_exec, exec.

Slightly improved the organization of the knowledge-base file (vuln_db.xml).

Known issues:

[Unverified], _getAllPhpFiles function may miss a few.

Tokenizer needs to be able to differentiate between a native function
call and class method call of the same name, i.e. mail() and $class->mail().

Post scriptum

Download

Compliance Mandates

Code Auditing :
PCI/DSS 6.3.6, 6.3.7, 6.6, SOX A12.8, GLBA 16CFR Part 314.4(b) and (2);FISMA RA-5, SC-18, SA-11 SI-2, and ISO 27001/27002 (12.4.1, 12.4.3, 12.5)

Related Articles

Code Auditing	10 May 2010 : WebTest 1.2.1 - Testing Web Application with Python 7 May 2010 : fuu v0.1 Beta - [F]aster [U]niversal [U]npacker 24 April 2010 : Security Ninja security tool announcement 22 April 2010 : OWASP Code Crawler v2.7 released 7 April 2010 : CWE/SANS Top 25 list updated to v1.0.3
Spike PHP Security tool	6 February 2007 : Spike PHP security audit tool 0.23 beta available

Copyright Security-Database 2006-2024 - Powered by themself ;).

Facebook rss twitter linkedin mail