Dobrica Pavlinušić's random unstructured stuff
PHP Security: Revision 4
Oxymoron, right? Well for somebody who loves perl so much, it is. Anyway here it is...
{toc: }

^ One-liners

^^ show phpinfo from shell

.pre
echo '<?php phpinfo(); ?>' | php5
.pre

Use the full `<?php` open tag: with `short_open_tag` disabled the `<?` form is printed back as plain text instead of executed. On systems without a versioned binary the interpreter is just `php`. Note that this shows the configuration of the CLI SAPI; mod_php under Apache reads its own php.ini and may differ.

^ Security scanning

^^ Spike PHP Security Audit Tool

http://developer.spikesource.com/projects/phpsecaudit/

.pre
sudo apt-get install php5-xslt
.pre

Small list of checked expressions, quite difficult to browse.

^^ Pixy

http://pixybox.seclab.tuwien.ac.at/pixy/

Enables taint analysis of code. Doesn't handle ISO-8859-2 characters well, and breaks with a terrifying error, but it's a very promising tool (in Java, sigh).

^^ phc

http://www.phpcompiler.org/

Great tool to get PHP's AST. Used by "Plumhead"<http://www.perlfoundation.org/parrot/index.cgi?plumhead>.

^ Links

{fetchrss: http://del.icio.us/rss/dpavlin/php+security full}
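Worked example for the security scanning section: what a "checked expressions" scanner in the spirit of Spike actually does, and where it stops short of the taint analysis Pixy performs. This is an added example, not code from this page or from any of the tools listed above. It uses PHP's own tokenizer (`token_get_all()`) and flags a statement in which a dangerous sink gets a superglobal without a known sanitizer call in between; the sink, source and sanitizer lists are assumptions chosen for the demo, and the sample input is constructed.

```php
<?php
// Added example (not code from Spike, Pixy or phc): a minimal lexical
// "checked expressions" scanner.  It tokenises PHP source with token_get_all()
// and flags a statement in which a dangerous sink receives a superglobal with
// no known sanitizer between the two.  It is deliberately NOT taint analysis:
// data that flows through a variable from one statement to the next (what
// Pixy tracks) is invisible to it.  Sink, source and sanitizer lists below are
// assumptions for the demo, not an authoritative list.

$sinks = array(
    'eval', 'system', 'exec', 'shell_exec', 'passthru', 'popen', 'proc_open',
    'mysql_query', 'mysqli_query', 'echo', 'print', 'header',
    'include', 'include_once', 'require', 'require_once', 'unserialize',
);
$sources    = array('$_GET', '$_POST', '$_REQUEST', '$_COOKIE', '$_FILES', '$_SERVER');
$sanitizers = array(
    'htmlspecialchars', 'htmlentities', 'intval', 'escapeshellarg',
    'mysql_real_escape_string', 'mysqli_real_escape_string', 'basename',
);

// Returns one finding per offending statement: sink name, source name, line.
function scan_php_source($code, $sinks, $sources, $sanitizers)
{
    $findings  = array();
    $sink      = null;   // array(name, line) of the first sink in this statement
    $sanitized = false;  // a sanitizer was seen after the sink and before a source

    foreach (token_get_all($code) as $tok) {
        if (!is_array($tok)) {             // single-char token such as ';' '(' '.'
            if ($tok === ';') {            // statement boundary: start over
                $sink      = null;
                $sanitized = false;
            }
            continue;
        }
        list($id, $text, $line) = $tok;
        $lc = strtolower($text);           // covers both T_STRING calls (system)
                                           // and language constructs (echo, eval,
                                           // include), which are their own tokens
        if ($sink === null) {
            if (in_array($lc, $sinks, true)) {
                $sink = array($lc, $line);
            }
        } elseif (in_array($lc, $sanitizers, true)) {
            $sanitized = true;
        } elseif ($id === T_VARIABLE && in_array($text, $sources, true) && !$sanitized) {
            $findings[] = array('sink' => $sink[0], 'source' => $text, 'line' => $sink[1]);
            $sink = null;                  // one finding per statement is enough
        }
    }
    return $findings;
}

// Constructed sample input, embedded so the example runs offline.
$sample = <<<'PHPSRC'
<?php
$id = $_GET['id'];
mysql_query("SELECT * FROM users WHERE id = " . $_GET['id']);  // unsanitized source in sink
system("ping " . escapeshellarg($_GET['host']));               // sanitizer in between
echo $_GET['name'];                                            // unsanitized source in sink
echo htmlspecialchars($_POST['name']);                         // sanitizer in between
include $_REQUEST['page'] . '.php';                            // unsanitized source in sink
mysql_query("SELECT * FROM users WHERE id = $id");             // source reaches sink via $id
PHPSRC;

foreach (scan_php_source($sample, $sinks, $sources, $sanitizers) as $f) {
    printf("line %d: %s receives %s with no sanitizer in between\n",
           $f['line'], $f['sink'], $f['source']);
}
```

Run it with `php scanner.php` (or `php5`). The last statement of the sample is the point of the exercise: the request parameter reaches `mysql_query` only via `$id`, so a statement-local check cannot see it, and a sanitizer appearing anywhere before a source silences the check even when it was applied to a different argument. That gap is exactly what Pixy's taint analysis, or a pass over phc's AST that follows assignments, is needed for.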