
Pixy: XSS and SQLI Scanner for PHP Programs

Tuesday, January 12, 2010


The Problem: Finding XSS and SQLI vulnerabilities

Cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities are present in many modern web applications, and are reported continuously on pages such as BugTraq. In the past, finding such vulnerabilities usually involved manual source code audits. Unfortunately, this manual vulnerability search is a very tiresome and error-prone task.

The Solution: Pixy

Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed at the detection of XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability.
For more information, take a look at our documentation page!
Keywords: source code analyzer, static analyzer, PHP security analysis, source code analysis, static analysis tool
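
The kind of report described above can be illustrated with an added example (not Pixy's code or algorithm, and not part of the original post): a Python scanner that follows user input from PHP superglobals to `echo` and `mysql_query` in a constructed PHP 4-style sample. The regex patterns, the sanitizer lists and the names `scan` and `tainted_expr` are assumptions of this example, which handles straight-line code only.

```python
import re

# Constructed PHP 4-style input for this example (not taken from Pixy).
SAMPLE_PHP = '''<?php
$name = $_GET['name'];
$id = $_POST['id'];
$shown = htmlspecialchars($name);
$n = intval($id);
echo "Hello " . $name;
echo "Hello " . $shown;
mysql_query("SELECT * FROM users WHERE id = " . $id);
mysql_query("SELECT * FROM users WHERE id = " . $n);
mysql_query("SELECT * FROM users WHERE name = '" . $shown . "'");
?>'''

# Assumed source, sink and sanitizer patterns; sanitizers are tracked per class.
SOURCE = re.compile(r"\$_(?:GET|POST|COOKIE|REQUEST)\b")
VAR = re.compile(r"\$(\w+)")
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*(.+);\s*$")
SINKS = {"XSS": re.compile(r"^\s*(?:echo|print)\b(.+);"),
         "SQLI": re.compile(r"\bmysql_query\s*\((.+)\)\s*;")}
SANITIZERS = {"XSS": re.compile(r"\b(?:htmlspecialchars|htmlentities|intval)\s*\("),
              "SQLI": re.compile(r"\b(?:mysql_real_escape_string|intval)\s*\(")}

def tainted_expr(expr, kind, tainted):
    """True if expr may carry unsanitized user input for this vulnerability class."""
    if SANITIZERS[kind].search(expr):
        return False  # coarse: a matching sanitizer call clears the whole expression
    if SOURCE.search(expr):
        return True
    return any(v in tainted[kind] for v in VAR.findall(expr))

def scan(php_source):
    tainted = {kind: set() for kind in SINKS}  # tainted variable names per class
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        m = ASSIGN.match(line)
        for kind, sink in SINKS.items():
            if m:  # assignment: propagate or clear taint on the target variable
                var, expr = m.groups()
                if tainted_expr(expr, kind, tainted):
                    tainted[kind].add(var)
                else:
                    tainted[kind].discard(var)
            else:  # otherwise check whether the line is a sink fed by tainted data
                s = sink.search(line)
                if s and tainted_expr(s.group(1), kind, tainted):
                    findings.append((lineno, kind))
    return findings
```

On the sample, line 10 is reported as SQLI even though `$shown` went through `htmlspecialchars`, because HTML escaping is not treated as a sanitizer for SQL sinks.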
