This is a PHP code security audit system written in C#, which runs mainly on Windows. It can find vulnerability classes such as SQL injection, code execution, command execution, file inclusion, file upload, escape-protection bypass, denial of service, XSS (cross-site scripting), information leakage and arbitrary URL redirection, which basically covers the common PHP vulnerabilities. Functionally, it supports dozens of features such as one-click audit, code debugging, function location, plug-in extension, user-defined rule configuration, code highlighting, code debugging and conversion, database execution monitoring and so on.
The second category: Fortify SCA
Fortify SCA is a commercial software product developed by HP that performs professional white-box security audits of source code. It is, of course, a paid product, and commercial software of this kind is generally expensive. It has Windows, Linux, Unix and Mac versions, and performs static analysis of application source code through its five built-in main analysis engines.
The third category: RIPS
RIPS is a PHP code security audit tool written in PHP itself, released as open source by foreign security researchers. The program is only 450KB; the latest version currently available for download is 0.54, but the program is no longer updated. Its biggest highlight is that it calls PHP's built-in parser interface token_get_all and uses the parser output for syntax analysis, which lets it track variables and functions across files. The scan results show how a vulnerability forms and how variables flow very intuitively, and the false positive rate is very low. RIPS can find various vulnerabilities such as SQL injection, XSS, file inclusion, code execution and file reading, and highlights the code of the various files it reports on.
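To make the token_get_all approach concrete, here is an added example (not RIPS code, and much simpler than what RIPS does) of a toy taint tracker: it tokenizes a constructed PHP snippet, marks variables assigned from request superglobals as tainted, propagates taint through simple `$a = <expr>;` assignments, and reports statements where a tainted variable reaches a sink such as mysqli_query or echo without a recognised sanitizer. The source, sink and sanitizer lists, the single-file scope and the statement-level heuristic are all assumptions of this example.

```php
<?php
// Added example: a toy taint tracker on top of PHP's token_get_all().
// Assumptions: one file, statements split on ';', assignments of the form
// "$var = <expr>;", and a statement counts as sanitized if it contains a cast
// or one of the sanitizer functions below. The sample code is constructed.

$sample = <<<'PHP'
<?php
$id = $_GET['id'];
$safe = (int) $_GET['id'];
$name = $_POST['name'];
$query = "SELECT * FROM users WHERE id = " . $id;
$clean = "SELECT * FROM users WHERE id = " . $safe;
mysqli_query($db, $query);
mysqli_query($db, $clean);
echo $name;
echo htmlspecialchars($name);
PHP;

function tok_id($tok) { return is_array($tok) ? $tok[0] : null; }
function tok_text($tok): string { return is_array($tok) ? $tok[1] : $tok; }
function tok_line($tok): int { return is_array($tok) ? $tok[2] : 0; }

// Split the token stream into statements, dropping whitespace, comments and the open tag.
function tokenize_statements(string $code): array
{
    $skip = [T_OPEN_TAG, T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $statements = [];
    $current = [];
    foreach (token_get_all($code) as $tok) {
        if (is_array($tok) && in_array($tok[0], $skip, true)) {
            continue;
        }
        if ($tok === ';') {
            if ($current) { $statements[] = $current; }
            $current = [];
            continue;
        }
        $current[] = $tok;
    }
    if ($current) { $statements[] = $current; }
    return $statements;
}

// Returns human-readable findings: one line per tainted value reaching a sink.
function analyze(string $code): array
{
    $sources    = ['$_GET', '$_POST', '$_REQUEST', '$_COOKIE'];   // assumed taint sources
    $sinks      = ['mysqli_query' => 'SQL injection', 'mysql_query' => 'SQL injection',
                   'echo' => 'XSS', 'system' => 'command execution', 'eval' => 'code execution'];
    $sanitizers = ['intval', 'htmlspecialchars', 'mysqli_real_escape_string'];
    $castIds    = [T_INT_CAST, T_DOUBLE_CAST, T_BOOL_CAST];
    $tainted    = [];   // variable name => source variable it was derived from
    $findings   = [];

    foreach (tokenize_statements($code) as $stmt) {
        $first    = $stmt[0];
        $isAssign = count($stmt) > 2 && tok_id($first) === T_VARIABLE && $stmt[1] === '=';
        $isSink   = tok_id($first) === T_ECHO
                 || (tok_id($first) === T_STRING && isset($sinks[tok_text($first)]));
        if (!$isAssign && !$isSink) {
            continue;
        }

        // Scan the expression part for tainted inputs and for sanitizers.
        $expr = array_slice($stmt, $isAssign ? 2 : 1);
        $hasTaint = false; $hasSanitizer = false; $via = null;
        foreach ($expr as $tok) {
            $id = tok_id($tok); $text = tok_text($tok);
            if ($id === T_VARIABLE && (in_array($text, $sources, true) || isset($tainted[$text]))) {
                $hasTaint = true; $via = $text;
            }
            if (in_array($id, $castIds, true) || ($id === T_STRING && in_array($text, $sanitizers, true))) {
                $hasSanitizer = true;
            }
        }
        $dirty = $hasTaint && !$hasSanitizer;

        if ($isAssign) {
            $name = tok_text($first);
            if ($dirty) { $tainted[$name] = $via; } else { unset($tainted[$name]); }
        } elseif ($dirty) {
            $fn = tok_id($first) === T_ECHO ? 'echo' : tok_text($first);
            $findings[] = sprintf('line %d: possible %s, tainted %s reaches sink %s',
                                  tok_line($first), $sinks[$fn], $via, $fn);
        }
    }
    return $findings;
}

foreach (analyze($sample) as $finding) {
    echo $finding, PHP_EOL;
}
```

Run with `php taint_demo.php`. On the constructed sample it should report the mysqli_query call on line 7 (tainted `$query`) and the bare echo on line 9 (tainted `$name`), while the `(int)`-cast path and the htmlspecialchars call are treated as sanitized. Real tools such as RIPS go well beyond this: they resolve function calls and includes across files and model many more sanitization patterns, which is why their false positive rate is far lower than a statement-level heuristic like this one.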