Blogvaria

This page is brought to you by Blogvaria (http://blog.evaria.com).

Pixy; the PHP security scanner

Filed by Thomas under Internet stuff, Programming

The Problem: Finding XSS and SQLI vulnerabilities

Cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities are present in many modern web applications, and are reported continuously on pages such as BugTraq. In the past, finding such vulnerabilities usually involved manual source code audits. Unfortunately, this manual vulnerability search is a very tiresome and error-prone task.

The Solution: Pixy

Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed at the detection of XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability.

For more information, take a look at the documentation page!

They also provide a list of other open-source analysis tools for PHP, including PHP-Sat, a static analysis tool that performs several static checks on PHP source code, and PHP string analyzer, a static program analyser that approximates the string output of a PHP program with a context-free grammar.
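
To make "possible vulnerable points" concrete, here is a deliberately simplified source-to-sink taint check run over a constructed PHP snippet. It is an added example, not Pixy's code or algorithm; the rule tables, the function names and the sample file are assumptions made for illustration.

```python
import re

SOURCES = re.compile(r"\$_(GET|POST|COOKIE|REQUEST)\b")
VAR = re.compile(r"\$[A-Za-z_]\w*")
ASSIGN = re.compile(r"^\s*(\$[A-Za-z_]\w*)\s*=(?!=)\s*(.+);\s*$")
# Illustrative rules (assumed): sink pattern and sanitizer calls per class.
RULES = {
    "XSS": (re.compile(r"^\s*(?:echo|print)\b(.+);\s*$"),
            re.compile(r"\b(?:htmlspecialchars|htmlentities|intval)\([^()]*\)")),
    "SQLI": (re.compile(r"\bmysql_query\((.+)\)\s*;"),
             re.compile(r"\b(?:mysql_real_escape_string|intval)\([^()]*\)")),
}

def is_tainted(expr, kind, tainted):
    """True if expr still carries user input once sanitized calls are removed."""
    expr = RULES[kind][1].sub("", expr)
    return bool(SOURCES.search(expr)) or any(
        v in tainted[kind] for v in VAR.findall(expr))

def scan(php_source):
    """Return [(line_no, kind)] for sinks reached by unsanitized input."""
    tainted, findings = {kind: set() for kind in RULES}, []
    for no, line in enumerate(php_source.splitlines(), 1):
        for kind, (sink, _) in RULES.items():
            m = sink.search(line)
            if m and is_tainted(m.group(1), kind, tainted):
                findings.append((no, kind))
        m = ASSIGN.match(line)
        if m:  # "$var = expr;" propagates or clears taint per class
            var, expr = m.groups()
            for kind in RULES:
                if is_tainted(expr, kind, tainted):
                    tainted[kind].add(var)
                else:
                    tainted[kind].discard(var)
    return findings

# Constructed sample input, not taken from Pixy's distribution.
SAMPLE = r'''<?php
$name = $_GET['name'];
echo "Hello " . $name;
echo "Hello " . htmlspecialchars($name);
$id = $_GET['id'];
mysql_query("SELECT * FROM users WHERE id = $id");
$id = intval($_GET['id']);
mysql_query("SELECT * FROM users WHERE id = $id");
$q = mysql_real_escape_string($_POST['q']);
echo $q;'''
print(scan(SAMPLE))
```

The last finding shows why sanitizers are tracked per vulnerability class: a value escaped for SQL is still unsafe to echo into HTML.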

01

50 Very Useful PHP Tools | 胡言乱语 said,

January 21, 2009 @ 9:26 am

[...] Pixy: a code-checking tool. [...]

02

50 Extremely Useful PHP Tools | { Blog : relax from working } said,

January 21, 2009 @ 6:12 pm

[...] Pixy: PHP Security Scanner Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed to detect XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possible vulnerable points in the program, along with additional information for understanding the vulnerability. [...]

03

SpotGeek.net » Blog Archive » 50 Extremely Useful PHP Tools said,

January 22, 2009 @ 1:40 am

[...] Pixy: PHP Security Scanner Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed to detect XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possible vulnerable points in the program, along with additional information for understanding the vulnerability. [...]

04

50 Extremely Useful PHP Tools | Gordon French said,

January 23, 2009 @ 4:33 am

[...] Pixy: PHP Security Scanner Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed to detect XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possible vulnerable points in the program, along with additional information for understanding the vulnerability. [...]

05

50 Extremely Useful PHP Tools,Php Tools – HTD-34 said,

January 24, 2009 @ 10:53 pm

[...] Pixy: PHP Security Scanner Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed to detect XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possible vulnerable points in the program, along with additional information for understanding the vulnerability. [...]

06

50 Extremely Useful PHP Tools | The Blog Specialist said,

January 25, 2009 @ 8:37 am

[...] Pixy: PHP Security Scanner Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed to detect XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possible vulnerable points in the program, along with additional information for understanding the vulnerability. [...]

07

Don’t be bad » Blog Archive » 50 Extremely Useful PHP Tools said,

January 25, 2009 @ 1:57 pm

[...] Pixy: PHP Security Scanner Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed to detect XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possible vulnerable points in the program, along with additional information for understanding the vulnerability. [...]

08

50 Extremely Useful PHP Tools said,

January 27, 2009 @ 1:50 pm

[...] Pixy: PHP Security Scanner Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed to detect XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possible vulnerable points in the program, along with additional information for understanding the vulnerability. [...]

09

Click Mike » Blog Archive » Useful PHP tools said,

February 6, 2009 @ 9:01 am

[...] Pixy: PHP Security Scanner Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed to detect XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possible vulnerable points in the program, along with additional information for understanding the vulnerability. [...]

10

web said,

March 8, 2009 @ 7:57 am

Does pixy make modification?

11

madhavi said,

April 6, 2009 @ 7:39 am

Can anybody provide me sample test files to be given to the Pixy program (files with XSS vulnerability)? Also, is there any manual on the net on how to set up Pixy after installing it?

12

A Collection of Excellent and Practical PHP Tools - 元如枫-博客 said,

April 11, 2009 @ 12:50 pm

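[...] Pixy: a dangerous-code checking tool that detects potentially destructive code coming from the programmers themselves or from externally submitted information. [...]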

13

PHP Tools | OnuR.info said,

June 25, 2009 @ 6:34 pm

[...] 4. Pixy: PHP Security Scanner [...]

15

sms said,

August 25, 2009 @ 7:58 pm

this has been really helpful

16

serkan said,

September 17, 2009 @ 1:08 pm

Pixy: PHP Security Scanner Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed to detect XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possible vulnerable points in the program, along with additional information for understanding the vulnerability

17

50 Extremely Useful PHP Tools « Web Design Blog said,

November 2, 2009 @ 11:09 am

[...] Pixy: PHP Security Scanner Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed to detect XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possible vulnerable points in the program, along with additional information for understanding the vulnerability. [...]

18

50 Frequently Used PHP Tools | jquery学习入门 said,

December 12, 2009 @ 6:05 pm

[...] Pixy: a code-checking tool. [...]

19

20+ Tools for Quick and Clean Code Development | Web Design Ledger said,

December 15, 2009 @ 7:10 am

[...] Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed to detect XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possible vulnerable points in the program, along with additional information for understanding the vulnerability. [...]

20

Usdating said,

January 10, 2010 @ 10:04 pm

this information is great to me!! thank you guys for your awesome posts As Nick says, I'll re-read it again, and again …

21

5 extremely powerful PHP tools | Technacular said,

February 5, 2010 @ 7:52 am

[...] Pixy: PHP Security Scanner [...]

23

20+ Tools for Quick and Clean Code Development | WebsGeek said,

February 23, 2010 @ 11:29 pm

[...] Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed to detect XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possible vulnerable points in the program, along with additional information for understanding the vulnerability. Bookmark It Hide Sites [...]

24

25 Excellent PHP Tools That Enhance The Way You Develop | DSpot Inc said,

February 25, 2010 @ 10:43 am

[...] 18.) Pixy [...]

25

Jess said,

February 25, 2010 @ 10:31 pm

I am using free online XSS scanner tool:
http://xss-scanner.com

26

50 Extremely Useful PHP Tools « UR-Technology said,

March 7, 2010 @ 4:09 am

[...] Pixy: PHP Security Scanner Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed to detect XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possible vulnerable points in the program, along with additional information for understanding the vulnerability. [...]
