Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Felix De Vliegher's Blog:
Static analysis for PHP
Aug 19, 2008 @ 11:16:18

On his blog recently Felix De Vliegher has posted about work he's done to gather some stats and great some data about how his PHP scripts are working based on a little statistical analysis.

Lately I've been interested in applying static analysis to PHP projects. Static analysis is the process of analysing software code - in our case PHP source code -, without actually executing the (compiled) result of the source code you’re analysing.

He mentions some types of analysis and some of the tools that can be used to measure it. He also talks about issues it can help with (like the potential for harm if a part of code is changed) and a pointer to the Pixy software he used to generate the statistics (and images like this).

tagged: static analysis execute pixy compile software script

Link:

Greg Beaver's Blog:
Quick review of Pixy vulnerability scanner for PEAR users
Jun 25, 2007 @ 07:30:27

Greg Bever has a (very) quick post about his experiences with the Pixy XSS and SQLI Scanner running against PEAR files.

I tried out the Pixy XSS and SQLI Scanner (http://pixybox.seclab.tuwien.ac.at/pixy/index.php) on a few simple PEAR files. On the first, I got a java exception, on the second it was unable to resolve the simplest of includes (no ability to resolve include_path). In short, the thing is useless for anything written using PEAR. Fun!

The Pixy XSS and SQLI Scanner is made to find SQL and XSS injection issues in scripts. It runs as a Java application and scans PHP4 source code to try to find problems. For more information on the scanner or to try it out for yourself, check out the project's homepage for documentation and downloads.

tagged: review pixy vulnerability scanner pear xss sqlinjection review pixy vulnerability scanner pear xss sqlinjection

Link:

Greg Beaver's Blog:
Quick review of Pixy vulnerability scanner for PEAR users
Jun 25, 2007 @ 07:30:27

Greg Bever has a (very) quick post about his experiences with the Pixy XSS and SQLI Scanner running against PEAR files.

I tried out the Pixy XSS and SQLI Scanner (http://pixybox.seclab.tuwien.ac.at/pixy/index.php) on a few simple PEAR files. On the first, I got a java exception, on the second it was unable to resolve the simplest of includes (no ability to resolve include_path). In short, the thing is useless for anything written using PEAR. Fun!

The Pixy XSS and SQLI Scanner is made to find SQL and XSS injection issues in scripts. It runs as a Java application and scans PHP4 source code to try to find problems. For more information on the scanner or to try it out for yourself, check out the project's homepage for documentation and downloads.

tagged: review pixy vulnerability scanner pear xss sqlinjection review pixy vulnerability scanner pear xss sqlinjection

Link: