1. PMF
PHP Malware Finder (PMF) is a self-hosted solution that helps you find possibly malicious code in your files. It is known to detect dodgy code, encoders, obfuscators and webshells.
2. RIPS
RIPS is one of the popular PHP static code analysis tools; it integrates into the development lifecycle to find security issues in real time. You can categorize the findings by industry compliance standard to prioritize the fixes.
3. SonarPHP
SonarPHP by SonarSource uses pattern matching and data flow techniques to find vulnerabilities in PHP code. It is a static code analyzer and integrates with Eclipse and IntelliJ.
4. SensioLabs
SensioLabs leverages the composer.lock file to check for known security risks. The checker is available in three ways:
- Online – you upload your composer file to perform a check
- CLI – download the tool to use it locally or integrate it into the development lifecycle
- API – use the web service to check for vulnerabilities. Results are available in text and JSON format.
5. Exakat
A real-time static code analyzer engine that checks compliance and risk and reinforces best practices. Exakat has more than 300 analyzers dedicated to PHP, including framework-specific analyzers for WordPress, CakePHP, Zend, etc.
6. PHPStan
PHPStan is a fantastic tool for finding bugs as you write the code; being a static analyzer, it does not need to run anything.
7. Psalm
Built on top of PHP Parser, Psalm is good at finding errors and helps maintain consistency for a better and more secure application.
8. Checkmarx
Checkmarx is a cloud-based solution that finds vulnerabilities in PHP code and gives recommendations on how to fix them. Every vulnerability is explained, so you understand its impact.
9. Progpilot
The Progpilot static analyzer lets you specify the analysis type, such as GET, POST, COOKIE, SHELL_EXEC, etc. It supports the SuiteCRM and CodeIgniter frameworks at the moment.
10. PHP Vulnerability Hunter
A fuzzer that looks for vulnerabilities using static and dynamic analysis. It is capable of finding the following:
- Cross-site scripting
- SQL injection
- Arbitrary file read and command execution
- Local file inclusion
- Full path disclosure
The scan is done in three phases: initialization, scan and un-initialization.
11. Grabber
Grabber is a Python-based tool that performs hybrid analysis on a PHP-based application using PHP-SAT.
Source: geekflare.com