Blogvaria

This page is brought to you by Blogvaria (http://blog.evaria.com).

To obtain more information, ask questions and interact please visit our website.

Back to Blogvaria landing page
Feedback
Subscribe
   
Blogvaria

 

The personal pages

Pixy; the PHP security scanner

TrackBack | Filed by under Internet stuff, Programming | Post popularity 20%

The Problem: Finding XSS and SQLI vulnerabilities

Cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities are present in many modern web applications, and are reported continuously on pages such as BugTraq. In the past, finding such vulnerabilities usually involved manual source code audits. Unfortunately, this manual vulnerability search is a very tiresome and error-prone task.

The Solution: Pixy

Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed at the detection of XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability.

For more information, take a look at the documentation page!

They also provide a list of other Open-Source Analysis Tools for PHP. Including PHP-Sat which is a Static Analysis Tool that performs several static checks on PHP source code and PHP string analyzer, a static program analyser that approximates the string output of a PHP program with a context-free grammar.

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • BlinkList
  • blogmarks
  • del.icio.us
  • De.lirio.us
  • digg
  • Furl
  • NewsVine
  • Netscape
  • Reddit
  • Spurl
  • SphereIt
  • Technorati
  • YahooMyWeb
  • DZone
  • feedmelinks
  • Linkter
  • Ma.gnolia
  • Slashdot
  • StumbleUpon
  • TailRank
  • co.mments

Akismet has protected Blogvaria from 122,261 spam comments. Design by Evaria.com. Powered by WordPress.
Our beloved and trusted server has rendered 1.148 pages so far today, an amazing 2.241 pages yesterday
and even more astonishingly 935.360 pages since 19 Feb 2012 alone without dropping a byte nor a pixel.

Close
E-mail It