From: Stefano Zanero (zanero@elet.polimi.it)
Date: Tue Sep 12 2006 - 08:53:05 EDT
Ric Messier wrote:
> PHP is fairly C-like. If you know C, it's pretty easy to read PHP. However,
> try RATS. http://www.securesoftware.com/download_rats.htm
Are you suggesting that RATS (a source code scanner for C) would be able
to detect security vulnerabilities in PHP?
That's a challenging proposition :)
As far as I know, very little exists in the area of "source code
auditing" for web applications. Developing one is not easy (it's one of
our research tasks at the moment).
From what I've seen, the SWAAT tool mentioned elsewhere is little more
than what you can obtain through grep...
Best,
Stefano
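The point about grep-level scanners can be made concrete with a small scanner of our own. The following is an added example written for this archive page, not code from the thread, from RATS, or from SWAAT; the PHP snippet it scans is constructed for illustration. It contrasts a pattern match that only fires when a user-input superglobal and a dangerous sink share a line (which is what grep gives you) with a minimal assignment-following taint pass, to show the kind of finding the grep approach misses and why a real web-application auditor needs data-flow tracking. The source, sink and sanitizer lists are deliberately short assumptions, not a complete model of PHP.

```python
import re
from dataclasses import dataclass

# Constructed PHP sample (not from the thread). Line 3 is a direct source-to-sink
# case; lines 2, 4 and 5 route $_GET through two variables into an SQL query;
# lines 6 and 7 show input that is sanitized before reaching a sink.
SAMPLE_PHP = """<?php
$name = $_GET['name'];
echo "Hello " . $_GET['greeting'];
$q = "SELECT * FROM users WHERE name = '" . $name . "'";
mysql_query($q);
$safe = htmlspecialchars($_POST['c']);
echo $safe;
"""

# Assumed, intentionally small vocabularies of sources, sinks and sanitizers.
SOURCES = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
SINKS = re.compile(r"\b(echo|print|mysql_query|eval|system|exec|passthru)\b")
SANITIZERS = re.compile(r"\b(htmlspecialchars|intval|mysql_real_escape_string)\s*\(")
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=\s*(.*);\s*$")
VAR = re.compile(r"\$\w+")


@dataclass
class Finding:
    line: int
    kind: str   # "grep" for co-occurrence hits, "taint" for flow-based hits
    text: str


def grep_scan(src):
    """Grep-style check: report a line only if a source and a sink appear on it."""
    out = []
    for n, line in enumerate(src.splitlines(), 1):
        if SOURCES.search(line) and SINKS.search(line):
            out.append(Finding(n, "grep", line.strip()))
    return out


def taint_scan(src):
    """Straight-line taint propagation: a variable assigned from a source, or from
    another tainted variable, is tainted unless the right-hand side is sanitized;
    a sink line is reported if it references a source or a tainted variable."""
    tainted = set()
    out = []
    for n, line in enumerate(src.splitlines(), 1):
        m = ASSIGN.match(line)
        if m:
            lhs, rhs = m.group(1), m.group(2)
            rhs_tainted = bool(SOURCES.search(rhs)) or any(
                v in tainted for v in VAR.findall(rhs)
            )
            if rhs_tainted and not SANITIZERS.search(rhs):
                tainted.add(lhs)
            else:
                tainted.discard(lhs)   # reassignment from clean data clears taint
            continue
        if SINKS.search(line) and not SANITIZERS.search(line):
            if SOURCES.search(line) or any(v in tainted for v in VAR.findall(line)):
                out.append(Finding(n, "taint", line.strip()))
    return out


def missed_by_grep(src):
    """Sink lines the taint pass reports that the grep-style pass does not."""
    grep_lines = {f.line for f in grep_scan(src)}
    return sorted(f.line for f in taint_scan(src) if f.line not in grep_lines)


if __name__ == "__main__":
    for f in grep_scan(SAMPLE_PHP):
        print(f"grep  line {f.line}: {f.text}")
    for f in taint_scan(SAMPLE_PHP):
        print(f"taint line {f.line}: {f.text}")
    print("missed by grep:", missed_by_grep(SAMPLE_PHP))
```

On the sample, the co-occurrence check reports only line 3, while the taint pass also reports the `mysql_query($q)` call on line 5, because it followed `$_GET` through `$name` and `$q`. Even this toy pass has no notion of control flow, function calls, arrays or string interpolation, which is a fair indication of the gap between a grep-style tool and a usable auditor for web application code.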
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:56 EDT