Pixy; the PHP security scanner

The Problem: Finding XSS and SQLI vulnerabilities

Cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities are present in many modern web applications, and are reported continuously on pages such as BugTraq. In the past, finding such vulnerabilities usually involved manual source code audits. Unfortunately, this manual vulnerability search is a very tiresome and error-prone task.

The Solution: Pixy

Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed at the detection of XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possibly vulnerable points in the program, together with additional information for understanding each vulnerability.
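
To make the kind of analysis concrete, here is a toy taint tracker written for this page (not Pixy's code, which is Java): it walks a constructed PHP fragment line by line, marks values read from request arrays as tainted, clears taint only for sanitizers that match the sink type, and reports each echo or mysql_query fed by tainted data together with the line where the input entered. The PHP subset, sanitizer lists and sink patterns are simplifications assumed for the example.

```python
import re

# Constructed PHP fragment (not from the page): request input reaches an echo
# (XSS sink) and a mysql_query (SQLI sink); two copies pass through sanitizers.
SAMPLE_PHP = """\
$name = $_GET['name'];
$safe = htmlspecialchars($name);
echo $safe;
echo $name;
$id = $_POST['id'];
$q = "SELECT * FROM users WHERE id = " . $id;
mysql_query($q);
$clean = intval($id);
mysql_query("SELECT * FROM users WHERE id = " . $clean);"""

SOURCES = ("$_GET", "$_POST", "$_COOKIE", "$_REQUEST")
# Sanitizers are sink-specific: HTML escaping does nothing for a SQL query.
SANITIZERS = {"xss": ("htmlspecialchars", "htmlentities", "intval"),
              "sqli": ("mysql_real_escape_string", "intval")}
SINKS = {"xss": re.compile(r"^echo\s+(.*);$"),
         "sqli": re.compile(r"^mysql_query\((.*)\);$")}
ASSIGN = re.compile(r"^(\$\w+)\s*=\s*(.*);$")

def taint_origin(expr, env, kind, line_no):
    # Line where request data entered `expr` with respect to sink `kind`, or None
    if any(expr.startswith(fn + "(") for fn in SANITIZERS[kind]):
        return None                      # whole expression was sanitized
    if any(src in expr for src in SOURCES):
        return line_no                   # direct read of request data
    for var, origins in env.items():     # taint inherited through a variable
        if origins[kind] is not None and re.search(re.escape(var) + r"\b", expr):
            return origins[kind]
    return None

def scan(php):
    """Return (kind, sink_line, source_line) for every sink fed by tainted data."""
    env, findings = {}, []               # env: variable -> {kind: origin line}
    for n, line in enumerate(php.strip().splitlines(), 1):
        m = ASSIGN.match(line)
        if m:
            var, rhs = m.groups()
            env[var] = {kind: taint_origin(rhs, env, kind, n) for kind in SINKS}
            continue
        for kind, pat in SINKS.items():
            m = pat.match(line)
            if m and (origin := taint_origin(m.group(1), env, kind, n)) is not None:
                findings.append((kind, n, origin))
    return findings

for kind, sink, src in scan(SAMPLE_PHP):
    print(f"{kind.upper()}: line {sink} uses request data read on line {src}")
```

On the sample it reports the unescaped echo on line 4 (input from line 1) and the query on line 7 (input from line 5), while the htmlspecialchars() and intval() copies are left alone.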

For more information, take a look at the documentation page!

They also provide a list of other open-source analysis tools for PHP, including PHP-Sat, a static analysis tool that performs several static checks on PHP source code, and PHP String Analyzer, a static program analyser that approximates the string output of a PHP program with a context-free grammar.


36 Comments on “Pixy; the PHP security scanner”

  1. Can anybody provide me sample test files to be given to the Pixy program (files with an XSS vulnerability)? Also, is there any manual on the net on how to set up Pixy after installing it?

  2. Pixy: PHP Security Scanner. Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed to detect XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possible vulnerable points in the program, along with additional information for understanding the vulnerability.

  3. This information is great to me!! Thank you guys for your awesome posts. As Nick says, I'll re-read it again, and again …
