Wednesday, May 15, 2019

11 Best PHP Code Security Scanner to Find Vulnerabilities

1. PMF

PHP Malware Finder (PMF) is a self-hosted solution that helps you find possibly malicious code in your files. It is known to detect dodgy code, encoders, obfuscators, and webshells.

2. RIPS

RIPS is one of the popular PHP static code analysis tools; it integrates into the development lifecycle to find security issues in real time. You can categorize findings by industry compliance standard to prioritize the fixes.

3. SonarPHP

SonarPHP by SonarSource uses pattern matching and data flow techniques to find vulnerabilities in PHP code. It is a static code analyzer and integrates with Eclipse and IntelliJ.

4. SensioLabs

SensioLabs leverages the composer.lock file to check your dependencies for known security risks. The checker is available in three ways.
  • Online – you upload your composer file to perform a test
  • CLI – download the tool to use it locally or integrate within the development lifecycle
  • API – use web service to check vulnerabilities. Results are available in text and JSON format.
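To show what a composer.lock-based check actually does, here is an added Python illustration (not SensioLabs' own code): it reads the locked package versions and matches them against a constructed advisory list with placeholder ids and version ranges.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample composer.lock. The real file is JSON with "packages" and
# "packages-dev" arrays of {"name": ..., "version": ...} entries.
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "acme/http-kit", "version": "v2.3.1"},
        {"name": "acme/template", "version": "1.9.0"},
    ],
    "packages-dev": [
        {"name": "acme/testlib", "version": "0.4.2"},
    ],
})

# Constructed advisory feed: package -> [(advisory id, first affected, first fixed)].
# The ids and ranges are placeholders, not real advisories.
SAMPLE_ADVISORIES: Dict[str, List[Tuple[str, str, str]]] = {
    "acme/http-kit": [("ADV-EXAMPLE-001", "2.0.0", "2.3.2")],
    "acme/template": [("ADV-EXAMPLE-002", "1.0.0", "1.8.0")],
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn 'v2.3.1' or '2.3.1' into a comparable tuple; non-numeric parts become 0."""
    parts = v.lstrip("vV").split("-")[0].split(".")
    return tuple(int(p) if p.isdigit() else 0 for p in parts)


def check_lockfile(lock_json: str, advisories: Dict[str, List[Tuple[str, str, str]]]
                   ) -> List[Tuple[str, str, str]]:
    """Return (package, version, advisory id) for every locked package in an affected range."""
    lock = json.loads(lock_json)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            name, version = pkg["name"], pkg["version"]
            ver = parse_version(version)
            for adv_id, first_affected, first_fixed in advisories.get(name, []):
                # Affected if first_affected <= version < first_fixed
                if parse_version(first_affected) <= ver < parse_version(first_fixed):
                    findings.append((name, version, adv_id))
    return findings


if __name__ == "__main__":
    for name, version, adv_id in check_lockfile(SAMPLE_COMPOSER_LOCK, SAMPLE_ADVISORIES):
        print(f"{name} {version} is affected by {adv_id}")
```

Both "packages" and "packages-dev" are scanned because a vulnerable dev-only dependency still runs on developer machines and CI.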

5. Exakat

A real-time static code analyzer engine to check compliance and risk and to reinforce best practices. Exakat has more than 300 analyzers dedicated to PHP, including framework-specific analyzers for WordPress, CakePHP, Zend, etc.

6. PHPStan

PHPStan is a fantastic tool to find bugs as you write the code. It is a static analyzer, so you don't need to run anything.

7. Psalm

Built on top of PHP Parser, Psalm is good at finding errors and helps maintain consistency for a better and more secure application.

8. Checkmarx

Checkmarx is a cloud-based solution to find vulnerabilities in PHP code and get recommendations on how to fix them. Every vulnerability is explained, so you understand the impact.

9. Progpilot

The Progpilot static analyzer lets you specify the analysis type, such as GET, POST, COOKIE, SHELL_EXEC, etc. It supports the suiteCRM and CodeIgniter frameworks at the moment.

10. PHP Vulnerability Hunter

A fuzzer that looks for vulnerabilities using static and dynamic analysis. This hunter is capable of hunting the following.
  • Cross-site scripting
  • SQL injection
  • Arbitrary file read and command execution
  • Local file inclusion
  • Full path disclosure
The scan is done in three phases: initialization, scan, and un-initialization.

11. Grabber

Grabber is a Python-based tool to perform hybrid analysis on a PHP-based application using PHP-SAT.
Source: geekflare.com