Dobrica Pavlinušić's random unstructured stuff

PHP Security: Revision 4

Oxymoron, right? Well, for somebody who loves Perl so much, it is. Anyway, here it is...

One-liners

show phpinfo from shell

    echo '<?php phpinfo(); ?>' | php5

Security scanning

Spike PHP Security Audit Tool

http://developer.spikesource.com/projects/phpsecaudit/

    sudo apt-get install php5-xslt

Small list of checked expressions, quite difficult to browse.

Pixy

http://pixybox.seclab.tuwien.ac.at/pixy/

Enables taint analysis of code. Doesn't handle ISO-8859-2 chars well, and breaks with a terrifying error, but it's a very promising tool (in Java, sigh).

phc

Great tool to get PHP's AST. Used by Plumhead.

Links

fetchrss: http://del.icio.us/rss/dpavlin/php+security