Spike PHP security audit tool 0.23 beta available
A new tool intended to analyze PHP files for security holes.
- Modified to be PHP 4 friendly.
- Added a few functions to the knowledge-base: extract, shell_exec, pcntl_exec, exec.
- Slightly improved the organization of the knowledge-base file (vuln_db.xml).
- [Unverified] The _getAllPhpFiles function may miss a few files.
- The tokenizer needs to be able to differentiate between a native function call and a class method call of the same name, e.g. mail() and $class->mail().
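
One way to make the distinction in the last item, as an added example that is not Spike's own code: it uses PHP's built-in `token_get_all()` and looks at the token before each watched name. The function name `classify_calls`, the watched list and the sample source are assumptions made for illustration, and the code assumes PHP 5.3 or later with the tokenizer extension.

```php
<?php
// Added example; not Spike's code. Assumes PHP >= 5.3 with ext/tokenizer.

// Returns one entry per watched name that is followed by "(":
// array('name' => ..., 'line' => ..., 'kind' => 'function'|'method'|'other')
function classify_calls($source, array $watched)
{
    $methodPrefix = array(T_OBJECT_OPERATOR, T_DOUBLE_COLON);
    if (defined('T_NULLSAFE_OBJECT_OPERATOR')) {      // PHP 8: $obj?->mail()
        $methodPrefix[] = T_NULLSAFE_OBJECT_OPERATOR;
    }
    // PHP 8 lexes "\mail" as one token instead of T_NS_SEPARATOR + T_STRING.
    $fq = defined('T_NAME_FULLY_QUALIFIED') ? T_NAME_FULLY_QUALIFIED : -1;

    // Keep only significant tokens so "previous token" ignores spacing and comments.
    $skip = array(T_WHITESPACE, T_COMMENT, T_DOC_COMMENT);
    $tokens = array();
    foreach (token_get_all($source) as $t) {
        if (!is_array($t) || !in_array($t[0], $skip, true)) {
            $tokens[] = $t;
        }
    }

    $found = array();
    for ($i = 1; $i < count($tokens) - 1; $i++) {
        $t = $tokens[$i];
        if (!is_array($t) || ($t[0] !== T_STRING && $t[0] !== $fq)) {
            continue;
        }
        $name = strtolower(ltrim($t[1], '\\'));
        if (!in_array($name, $watched, true) || $tokens[$i + 1] !== '(') {
            continue;
        }
        $prev = is_array($tokens[$i - 1]) ? $tokens[$i - 1][0] : null;
        if (in_array($prev, $methodPrefix, true)) {
            $kind = 'method';      // $obj->mail(), Mailer::mail()
        } elseif ($prev === T_FUNCTION || $prev === T_NEW) {
            $kind = 'other';       // function mail(...) {} or new mail(...)
        } else {
            $kind = 'function';    // native call: the case an audit should report
        }
        $found[] = array('name' => $name, 'line' => $t[2], 'kind' => $kind);
    }
    return $found;
}

// Constructed sample input covering each case.
$sample = "<?php\nmail(\$to, \$s, \$b);\n\$m->mail(\$to);\nMailer::mail(\$to);\n"
        . "class Mailer { function mail(\$to) {} }\n";
foreach (classify_calls($sample, array('mail', 'exec', 'shell_exec')) as $c) {
    printf("line %d: %s() is a %s\n", $c['line'], $c['name'], $c['kind']);
}
```

Only entries of kind `function` correspond to the native call; namespaced user functions on PHP versions before 8 are not distinguished by this check.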