Re: PHP Application Vuln. Testing

Richard Davey wrote:

On 7 Feb 2006, at 16:54, Jason Gerfen wrote:

Is there any product available, commercial or free, which performs source code auditing which *specifically* searches PHP code for SQL, XSS type of attacks or vulnerabilities? TIA.


No. But there are people who can perform the service for you (Brainbulb, Hardened PHP, etc)

Cheers,

Rich
--
http://www.corephp.co.uk
Zend Certified Engineer
PHP Development Services

Hmm, I found one but it seems it is still in beta. http://www.codescan.com/product.html

I have done some of my own auditing but the application I have been working on is nothing but form after form. At each point the form is submitted I do sanity checks on the data to ensure that 1) it is being submitted from a page on the server. 2) that it doesn't contain <script>|<object>|<embed> type of code or SQL syntax. 3) that the specified length of the submitted data is of a certain length.

Can anyone on this list perhaps engage this conversation? I am bringing up this topic, not just for the application I am working on but for the information to be spread to other developers. Any code examples, tips, resources, etc. are appreciated.

--
Jason Gerfen

"the life you live ignoring who, ignoring who you're giving money to.
and you, you support the corrupt industries and companies who dont think to care.
guilty...guilty...guilty by ignorance.
no feeling... no substance... killing... you're killing through your ignorance."
~ Snapcase

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
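
An added example, not part of the original thread or any poster's code: the three per-form checks described in the message above, written as a per-session token for the "came from our own page" check, allow-list patterns with length bounds for the content checks, bound SQL parameters, and HTML escaping at output. The field names, patterns, the `comments` table and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Check 1: tie the form to our own page with a per-session token
// (the Referer header is set by the client and is often missing).
function issueToken(array &$session): string {
    return $session['csrf'] = bin2hex(random_bytes(32));
}
function tokenIsValid(array $session, array $post): bool {
    return isset($session['csrf'], $post['csrf']) && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']);
}

// Checks 2 and 3: say what each field may contain and how long it may be,
// instead of searching the input for <script> tags or SQL keywords.
const RULES = [                                   // hypothetical form fields
    'username' => '/\A[A-Za-z0-9_]{3,20}\z/',
    'comment'  => '/\A[^\x00-\x08\x0B\x0C\x0E-\x1F]{1,500}\z/u',
];
function validate(array $post): array {
    $clean = [];
    foreach (RULES as $field => $pattern) {
        $value = $post[$field] ?? null;
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            throw new InvalidArgumentException("invalid field: $field");
        }
        $clean[$field] = $value;
    }
    return $clean;
}

// Constructed sample request; the comment contains markup and a quote on purpose.
$session = [];
$post = ['csrf' => issueToken($session), 'username' => 'jason_g',
         'comment' => "<script>x</script> and O'Brien's quote"];
if (!tokenIsValid($session, $post)) { exit("rejected: bad token\n"); }
$data = validate($post);

// SQL: bound parameters keep the data out of the statement text.
$db = new PDO('sqlite::memory:');                 // assumes pdo_sqlite is loaded
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (username TEXT, body TEXT)');
$db->prepare('INSERT INTO comments (username, body) VALUES (?, ?)')
   ->execute([$data['username'], $data['comment']]);

// XSS: escape for the HTML context when the value is written to the page.
foreach ($db->query('SELECT username, body FROM comments') as $row) {
    echo htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

The free-text comment is stored unchanged and only escaped when printed, so a legitimate apostrophe or angle bracket survives while the browser never receives it as markup.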

