
Saturday, January 9, 2010

Pixy: Open-Source Vulnerability Scanner for PHP Applications

 

The Secure Systems Lab at the Technical University of Vienna has released the newest version of Pixy, an open-source vulnerability scanner for PHP applications. Here are some of the highlights:

1.      Detection of SQL injection and XSS vulnerabilities in PHP source code

2.      Automatic resolution of file inclusions

3.      Computation of dependence graphs that help you understand the causes of reported vulnerabilities

4.      Static analysis engine (flow-sensitive, interprocedural, context-sensitive)

5.      Platform-independent, written in Java

http://pixybox.seclab.tuwien.ac.at

 

 

1 comment:

전규현 said...

Nice practical introduction to static security analysis in a PHP workflow. Teams often postpone vulnerability detection until late stages, which makes remediation expensive. At Plexo (https://plexo.work), AI Task Breakdown helps teams schedule security checks as first-class tasks during planning instead of end-of-cycle add-ons. Which security check do you consider mandatory before code moves into release candidates?
