Spike PHP security audit tool 0.23 beta available
A new tool intended to analyze PHP files for security holes.
Change Log:
- Modified to be PHP 4 friendly.
- Added a few functions to the knowledge-base: extract, shell_exec, pcntl_exec, exec.
- Slightly improved the organization of the knowledge-base file (vuln_db.xml).
Known issues:
- [Unverified] The _getAllPhpFiles function may miss a few files.
- Tokenizer needs to be able to differentiate between a native function
call and class method call of the same name, i.e. mail() and $class->mail().
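One way to make the distinction described in the second known issue, as an added example that is not Spike's own code: check the token that precedes the name before treating it as a native call. The function name `findNativeCalls`, the `SENSITIVE` list and the sample source are assumptions made for illustration, and the code needs PHP 7.4 or later.

```php
<?php
// Added example. Names come from this release's change log, plus mail().
const SENSITIVE = ['extract', 'shell_exec', 'pcntl_exec', 'exec', 'mail'];

// Return [line, name] pairs for calls to native sensitive functions only.
function findNativeCalls(string $source): array
{
    // Drop whitespace and comments so neighbours are significant tokens.
    $ignore = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter(
        token_get_all($source),
        fn($t) => !is_array($t) || !in_array($t[0], $ignore, true)
    ));

    // A name preceded by one of these is not a native function call.
    $notNative = [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION, T_NEW];
    $nameTokens = [T_STRING];
    if (defined('T_NULLSAFE_OBJECT_OPERATOR')) {   // PHP 8: $obj?->mail()
        $notNative[] = T_NULLSAFE_OBJECT_OPERATOR;
        $nameTokens[] = T_NAME_FULLY_QUALIFIED;    // PHP 8: \mail()
    }

    $hits = [];
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok) || !in_array($tok[0], $nameTokens, true)) {
            continue;
        }
        $name = strtolower(ltrim($tok[1], '\\'));  // function names are case-insensitive
        $prev = $tokens[$i - 1] ?? null;
        $prevId = is_array($prev) ? $prev[0] : null;
        $isCall = ($tokens[$i + 1] ?? null) === '(';
        if ($isCall && in_array($name, SENSITIVE, true) && !in_array($prevId, $notNative, true)) {
            $hits[] = [$tok[2], $name];
        }
    }
    return $hits;
}

// Constructed sample input, not taken from the tool or its test files.
$sample = <<<'SRC'
<?php
mail($to, $subject, $body);
$mailer->mail($to);
Mailer::exec($job);
class Mailer { function mail($to) {} }
Shell_Exec($cmd);
SRC;

foreach (findNativeCalls($sample) as [$line, $name]) {
    echo "line $line: native call to $name()\n";
}
```

On PHP 7 a namespaced function such as `Foo\mail()` is tokenized as separate parts and would still be reported, so a stricter check there also has to inspect `T_NS_SEPARATOR`.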