Hi guys, I need to know the 'how-tos' for PHP code auditing manually. Any semi-automated tools, frameworks, tutorials and personal experience of code auditing would be helpful. Thanks!
Hacking Wacking Sab Moh Maya Hai
Don't think about a tool if you're just starting. Take the pain of going through each line of code in a good text editor, and search over a huge code source manually for common patterns. Once you get familiar with that, there are a handful of tools that will do this job for you. But just start with manual audits.
Hacking Is a Matter of Time Knowledge and Patience
+fb1h2s
If you are starting, do it manually. If you are doing it for some project needs, then manual auditing + RIPS can help you.
Use Acunetix AcuSensor to audit PHP code.
Thanks everyone!
There are tons of references to various files from a single file, like a single function takes data, structures from different files (includes etc.), so I have to jump back and forth while checking bugs in a single file. Is there any simplification for this, to view the PHP codebase easily?
Yes. For a good start you can use the 'grep' tool.
I wrote a simple 'scanner' using grep. Most of the vulnerabilities I found in web apps were because of that 'grep'-based tool.
Another way: you can find vulns by doing black-box pentests.
Besides, if I remember correctly, you can find a list of vulnerable functions on Stack Overflow.
Let me know if you need any help with that.
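A grep-based first pass of the kind suggested in the replies, as an added example that is not code from any poster in this thread: it lists PHP calls worth reading by hand and puts lines that also touch request superglobals first. The function names `scan_sinks` and `php_audit` and the short sink list are assumptions chosen for illustration, and it relies on a grep that supports `-r` and `--include` (GNU or BSD grep).

```shell
#!/bin/sh
# Added example: grep-based triage of a PHP source tree for manual review.
# The sink list is a small illustrative selection, not a complete one.

B='(^|[^[:alnum:]_])'    # crude boundary: name is not the tail of a longer name
INPUT='\$_(GET|POST|REQUEST|COOKIE|FILES|SERVER)'    # request superglobals

# scan_sinks CATEGORY REGEX DIR
# Prints "TAG<TAB>CATEGORY<TAB>file:line:code" for every matching line.
# TAG is INPUT when request data appears on the same line, else REVIEW.
scan_sinks() {
  grep -rnE --include='*.php' -- "$2" "$3" | while IFS= read -r hit; do
    if printf '%s\n' "$hit" | grep -qE -- "$INPUT"; then
      tag=INPUT
    else
      tag=REVIEW
    fi
    printf '%s\t%s\t%s\n' "$tag" "$1" "$hit"
  done
}

# php_audit DIR
# Runs every category and sorts INPUT lines ahead of REVIEW lines.
php_audit() {
  {
    scan_sinks exec "$B"'(eval|assert|system|exec|passthru|shell_exec|popen|proc_open)[[:space:]]*\(' "$1"
    # Only includes whose path involves a variable; literal paths are skipped.
    scan_sinks include "$B"'(include|require)(_once)?[[:space:](].*\$' "$1"
    scan_sinks sql "$B"'(mysql_query|mysqli_query|pg_query)[[:space:]]*\(' "$1"
    scan_sinks unserialize "$B"'unserialize[[:space:]]*\(' "$1"
  } | sort -t "$(printf '\t')" -k1,1 -k3,3
}

# Stand-alone use: sh scan.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
  php_audit "$1"
fi
```

Every hit still needs reading in context: a REVIEW line can receive request data through a variable assigned in another file, and a same-line match says nothing about sanitisation done earlier.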