Is there any easy to use PHP Security Scanner?
Please be aware that NO automated security scanner will be able to detect all vulnerabilities in the code base. The best way to protect your code is to learn about how to write secure software, and do diligent code reviews.
Note, I'm not saying NOT to use a scanner. I'm saying use a scanner as a second line of defense only. Don't rely on it to make up for poor coding practices...
An old topic, but I notice no-one has mentioned the RIPS Scanner yet (see also the related project page on Sourceforge)
"RIPS is a free static source code analyser for vulnerabilities in PHP scripts"
I haven't tried it yet (just downloading it now), but it sounds like the kind of thing the question is looking for. And it's free (GPL licenced). (interesting to note that it was first released in June 2010, pretty much the same time this question was asked)
Sourceforge also threw up a few other projects:
RIPS looks like it's a lot more well used than any of those others, but it might be worth trying them all, just to see.
Hope that helps
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With