Richard Davey wrote:
> On 7 Feb 2006, at 16:54, Jason Gerfen wrote:
>> Is there any product available, commercial or free which performs
>> source code auditing which *specifically* searches PHP code for SQL,
>> XSS type of attacks or vulnerabilities? TIA.
>
> No. But there are people who can perform the service for you
> (Brainbulb, Hardened PHP, etc)
>
> Cheers,
> Rich
> --
> http://www.corephp.co.uk
> Zend Certified Engineer
> PHP Development Services

Hmm, I found one but it seems it is still in beta.
http://www.codescan.com/product.html
I have done some of my own auditing but the application I have been
working on is nothing but form after form. At each point the form is
submitted I do sanity checks on the data to ensure that 1) it is being
submitted from a page on the server. 2) that it doesn't contain
<script>|<object>|<embed> type of code or SQL syntax. 3) that the
specified length of the submitted data is of a certain length.
Can anyone on this list perhaps engage this conversation? I am bringing
up this topic, not just for the application I am working on but for the
information to be spread to other developers. Any code examples, tips,
resources etc., are appreciated.
--
Jason Gerfen
"the life you live ignoring who, ignoring who you're giving money to.
and you, you support the corrupt industries and companies who don't think to care.
guilty...guilty...guilty by ignorance.
no feeling... no substance... killing... you're killing through your ignorance."
~ Snapcase
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
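
The three per-submission checks described in the message above, sketched in PHP as an added example that is not code from the thread or from either poster. The function name, the SQL phrase list, the field limits and the sample submissions are assumptions, and the final line goes beyond the message by encoding the value at output.

```php
<?php
// Added example; function name, limits and sample data are assumptions.
const DENY_PATTERNS = [
    '/<\s*(script|object|embed)\b/i',                      // tags named in the message
    '/\b(union\s+select|insert\s+into|drop\s+table)\b/i',  // assumed sample of "SQL syntax"
];

function check_submission(array $server, array $post, string $ownHost, array $maxLen): array
{
    $errors = [];
    // 1) Came from a page on this server: compare the Referer host.
    //    The header is sent by the client, so treat it as a hint only.
    $refHost = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    if (!is_string($refHost) || strcasecmp($refHost, $ownHost) !== 0) {
        $errors[] = 'referer: not this server';
    }
    foreach ($maxLen as $field => $limit) {
        $value = $post[$field] ?? null;
        if (!is_string($value)) {   // missing, or an array sent as field[]=...
            $errors[] = "$field: missing or not a string";
            continue;
        }
        // 2) Deny-list match on markup and SQL phrases.
        foreach (DENY_PATTERNS as $re) {
            if (preg_match($re, $value) === 1) {
                $errors[] = "$field: denied pattern";
                break;
            }
        }
        // 3) Length limit, counted in bytes.
        if (strlen($value) > $limit) {
            $errors[] = "$field: longer than $limit";
        }
    }
    return $errors;
}

// Constructed submissions, not taken from the thread.
$limits = ['name' => 40, 'comment' => 200];
$ok = check_submission(
    ['HTTP_REFERER' => 'https://forms.example.test/signup.php'],
    ['name' => 'Ada', 'comment' => 'Looks fine.'],
    'forms.example.test', $limits);
$rejected = check_submission(
    ['HTTP_REFERER' => 'https://other.example.test/'],
    ['name' => str_repeat('a', 41), 'comment' => '<script>x</script>'],
    'forms.example.test', $limits);
var_dump($ok, $rejected);
// Output side: encode a value for HTML at the point it is echoed.
echo htmlspecialchars('<script>x</script>', ENT_QUOTES, 'UTF-8'), "\n";
```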