Scanning for PHP vulnerabilities with Pixy
Posted Jul 7, 2007 6:31 UTC (Sat) by Cato
Parent article: Scanning for PHP vulnerabilities with Pixy
This sounds useful for PHP, but you could of course just use Perl, which has the concept of tainting built in - just use the -T flag on the shebang line, as outlined in this O'Reilly article on Perl tainting. Taint mode isn't a panacea, and Perl source code scanners like RATS are also a good idea. CPAN's Audit-Perl project also provides a nice colourised source code view of the lines where issues are found by scanners such as RATS and others.
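The -T behaviour mentioned in the comment above, as an added example that is not part of the original comment: tainted data is refused by a file-writing `open`, and passes only after an allowlist regex capture. The helper name `untaint_filename`, the filename pattern and the sample values are assumptions constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T taint_demo.pl (or execute the file directly).
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, anything from outside the program (arguments, environment, file
# input) is tainted. $^X, the interpreter path, is tainted too, so appending
# a zero-length slice of it taints the constructed samples below, which stand
# in for values a web form might submit.
my $TAINT   = substr($^X, 0, 0);
my @samples = map { $_ . $TAINT }
    ('report_2007.txt', 'x; echo injected', '../../etc/passwd');

# Hypothetical helper: a regex capture is how Perl untaints data, so the
# pattern must be a strict allowlist, never a catch-all such as /(.*)/.
sub untaint_filename {
    my ($name) = @_;
    return $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

for my $raw (@samples) {
    printf "%-22s tainted=%d\n", "'$raw'", tainted($raw) ? 1 : 0;

    # Opening a file for writing with a tainted name dies with
    # "Insecure dependency in open" before the file is touched.
    my $opened = eval { open(my $fh, '>>', $raw) or die "open: $!\n"; 1 };
    print "  direct use refused: $@" unless $opened;

    my $clean = untaint_filename($raw);
    if (defined $clean) {
        printf "  allowlisted: '%s' tainted=%d\n", $clean, tainted($clean) ? 1 : 0;
    } else {
        print "  rejected by allowlist, never reaches open()\n";
    }
}
```

Taint mode only tracks where data came from; whether the untainting pattern is strict enough is still the programmer's decision, which is why the comment pairs it with source scanners.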