Pixy; the PHP security scanner

The Problem: Finding XSS and SQLI vulnerabilities

Cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities are present in many modern web applications and are reported continuously on mailing lists such as BugTraq. In the past, finding such vulnerabilities usually involved manual source code audits. Unfortunately, this manual vulnerability search is a tiresome and error-prone task.

The Solution: Pixy

Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed at detecting XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists potentially vulnerable points in the program, together with additional information for understanding each vulnerability.

For more information, take a look at the documentation page!

The Pixy site also provides a list of other open-source analysis tools for PHP, including PHP-Sat, a static analysis tool that performs several static checks on PHP source code, and PHP String Analyzer, a static program analyser that approximates the string output of a PHP program with a context-free grammar.
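As an added illustration (not code from the Pixy project or from this post), the following PHP script contains the two flaw classes Pixy reports: user input from $_GET reaching an HTML output sink (XSS) and an SQL query string (SQLI), each shown beside a hardened version in which the taint is broken before the sink. The function names are assumptions, and the hardened query uses PDO prepared statements (PHP 5+), which goes beyond the PHP 4 code Pixy analyses.

```php
<?php
// Added example: two tainted data flows of the kind Pixy reports.
// The "source" is user-controlled input ($_GET); the "sinks" are
// HTML output (XSS) and an SQL query string (SQLI).

// VULNERABLE: $_GET['name'] reaches echo unsanitized -> reflected XSS.
function greet_unsafe() {
    $name = $_GET['name'];
    echo "<p>Hello, " . $name . "</p>";
}

// VULNERABLE: $_GET['id'] is concatenated into the query -> SQL injection.
function find_user_unsafe(PDO $db) {
    $id = $_GET['id'];
    $sql = "SELECT login FROM users WHERE id = " . $id;
    return $db->query($sql)->fetchColumn();
}

// FIXED: output encoding breaks the taint before the HTML sink.
function greet_safe() {
    $name = htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8');
    echo "<p>Hello, " . $name . "</p>";
}

// FIXED: a prepared statement keeps data out of the query text entirely,
// and the cast restricts the bound value to an integer.
function find_user_safe(PDO $db) {
    $stmt = $db->prepare("SELECT login FROM users WHERE id = :id");
    $stmt->execute(array(':id' => (int) $_GET['id']));
    return $stmt->fetchColumn();
}
```

A taint-tracking scanner flags the two unsafe functions because the path from $_GET to the sink contains no sanitizing call; in the safe variants, htmlspecialchars and the prepared statement are the points where that path is cut.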

37 thoughts on “Pixy; the PHP security scanner”

  10. Can anybody provide me with sample test files to be given to the Pixy program (files with XSS vulnerabilities)? Also, is there any manual on the net on how to set up Pixy after installing it?

  14. Pixy: PHP Security Scanner. Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed at detecting XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possible vulnerable points in the program, along with additional information for understanding the vulnerability.
