Pixy, an XSS and SQL-Injection Scanner for PHP

28.06.2007 at 14:46

LWN mentioned Pixy, an XSS and SQL-Injection Scanner for PHP, which looks quite interesting.

From a quick look over the project page, it seems that it uses data-flow analysis to mark potentially insecure sections where external variables are used without care and without prior data validation.

I didn't really test it, though, and therefore don't know about false positives and so on. But it is certainly worth a closer look. Unfortunately I currently don't have time, but who knows, maybe someday when PHP5 is supported it will come in handy.

Marc
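
The data-flow idea mentioned in the post, as an added example that is not part of the original post and is not Pixy's code: a minimal taint pass that marks values coming from external variables and reports them when they reach a query or output statement without validation. The hand-lowered statement format, the source list and the treatment of `intval()` as a sanitizer are assumptions, and only straight-line code is handled.

```python
# Constructed sample: a small PHP script lowered by hand to tuples of
# (operation, target, argument variables, line number).
SOURCES = {"$_GET", "$_POST", "$_COOKIE"}  # assumed list of external inputs

PROGRAM = [
    ("assign",   "$id",      ["$_GET"],           1),  # $id = $_GET['id'];
    ("assign",   "$name",    ["$_POST"],          2),  # $name = $_POST['name'];
    ("sanitize", "$safe_id", ["$id"],             3),  # $safe_id = intval($id);
    ("assign",   "$q1",      ["$safe_id"],        4),  # $q1 = "... id=" . $safe_id;
    ("assign",   "$q2",      ["$name"],           5),  # $q2 = "... name='" . $name . "'";
    ("sink",     "sql",      ["$q1"],             6),  # mysql_query($q1);
    ("sink",     "sql",      ["$q2"],             7),  # mysql_query($q2);
    ("assign",   "$msg",     ["$title", "$name"], 8),  # $msg = $title . $name;
    ("sink",     "xss",      ["$msg"],            9),  # echo $msg;
]


def is_tainted(var, taint):
    return var in SOURCES or var in taint


def analyze(program):
    """Return (line, sink kind, variable, taint path) for each tainted sink use."""
    taint = {}      # variable -> lines through which external data reached it
    findings = []
    for op, target, args, line in program:
        if op == "assign":
            # The result is tainted if any operand is; remember how it got here.
            path = next((taint.get(a, []) + [line]
                         for a in args if is_tainted(a, taint)), None)
            if path is not None:
                taint[target] = path
            else:
                taint.pop(target, None)   # overwritten with clean data
        elif op == "sanitize":
            taint.pop(target, None)       # validated output is treated as clean
        elif op == "sink":
            for a in args:
                if is_tainted(a, taint):
                    findings.append((line, target, a, taint.get(a, [])))
    return findings


if __name__ == "__main__":
    for line, kind, var, path in analyze(PROGRAM):
        print(f"line {line}: possible {kind} via {var}, tainted at lines {path}")
```

The false positives the post wonders about arise in exactly this kind of pass: a value validated in a way the analyzer does not recognize as a sanitizer is still reported.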
