[Cialug] automatic php security analysis

David Champion dchampion at visionary.com
Tue Jan 6 14:50:52 CST 2009


Matthew Nuzum wrote:
> Hi, does anyone know of a tool that will look at PHP source code and
> inspect it for some common security problems? I've spent a little time
> porting some older code I wrote from PHP4 to PHP5. It was easy enough
> for most tasks but wondered if there were any helpful tools that would
> look specifically for unsafe use of global variables, however checking
> for other problems would be equally useful.
>
>   

In a PHP security-related note... look into Suhosin, if you're not 
already using it:

http://www.hardened-php.net/suhosin/

-dc



