In the near future I have to check the source code of a web application for security vulnerabilities. The web application mainly consists of PHP files and contains more than 300 files. Do you know programs that can help me with the security analysis of the source code?
0
- Is the software closed source? – jrtapsell May 27 '18 at 13:47
- Yes, the software is closed source – Bowmann May 27 '18 at 14:16
2 Answers
2
For PHP, you can consider tools such as SecureAssist (by Synopsys). It's decently comprehensive and helps find security-related vulnerabilities.
Other options include tools such as RIPS.
More information can be found on the OWASP static analysis tools page:
Nitin_Ramesh
1
Use sqlmap to automatically test for SQL Injections
Another great tool I enjoy using is Taint. If you can somehow run those files locally, this will come in handy :)
Adrian Baginski
- 1 Sqlmap is a black box testing tool, I don't have the permissions for black box testing :/ – Bowmann May 27 '18 at 15:17
- 2 "I don't have the permissions for black box testing", not even on a local clone of the system with a cloned, or test, database? – Guntram Blohm May 27 '18 at 16:58