Penetration Testing
PHP security analysis May 08 2008 07:35PM
Umut Arus (umuta sabanciuniv edu) (2 replies)
Re: PHP security analysis May 09 2008 06:01PM
Nikhil Wagholikar (visitnikhil gmail com)
Re: PHP security analysis May 08 2008 11:27PM
Serg B (sergeslists gmail com) (1 replies)
Re: PHP security analysis May 09 2008 07:56AM
Kish Pent (kish_pent yahoo com)
Hi Umut,

I would advise you to build secure code from scratch.
In other words, make your code secure by following
secure coding practices in your SDLC.

In case you only want the tool and not the "solution"
to the root cause of the problem then you can probably
try using SWAAT from Security Compass.

Note: SWAAT only "assists" in code review, it doesn't
"exactly" do code review for you.

Cheers,
Kish

--- Serg B <sergeslists (at) gmail (dot) com> wrote:

> You may want to look into Fortify $ource Code
> Analyzer v5.x - supports PHP
>
> Not cheap, don't know of any free code scanners
>
> On Fri, May 9, 2008 at 5:35 AM, Umut Arus
> <umuta (at) sabanciuniv (dot) edu> wrote:
> > Hi,
> >
> > I'm looking for the best web application analysis which is the tool
> > especially PHP. I want to analyse the written PHP codes for security holes.
> > It is not important the way of scanning. It may be a command tool or URL
> > scanning. It should be a free or one time tool.
> >
> > Which tool gives the most detailed information?
> >
> > Regards,

--
Kishore Parthasarathy,
Penetration Tester, Smart Security,
17/1,Upstairs, Sarojini St,T.Nagar,
Chennai - 600 017

Phone: 91 98841 80767

--
Trust everyone just don't trust the devil inside 'em
--- Italian Job, 2003

------------------------------------------------------------------------

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Copyright 2007, SecurityFocus