Good Programming in PHP
Tools
| Pixy | Free | stand-alone script | While it may seem slightly outdated (its homepage advertises PHP4 support), Pixy does a great job at finding Cross-Site Scripting and SQL/Code-injection vulnerabilities. |
|---|---|---|---|
| RATS | Free | stand-alone script | RATS targets various languages and has specific detection rules for each. In the case of PHP, it targets calls to some library functions. |
Further Reading
- PHP Manual on security:
http://www.php.net/manual/en/security.php - Security Guide by the PHP Security Consortium:
http://phpsec.org/projects/guide/ or http://phpsec.org/php-security-guide.pdf