
Thread: PHP Code Auditing HELP!

  1. #1
    Webapp Secninja
    Join Date
    Aug 2012
    Location
    Ranchi, Jharkhand
    Posts
    41
    Blog Entries
    2

    PHP Code Auditing HELP!

    Hi guys, I need to know the 'how-tos' for PHP code auditing manually. Any semi-automated tools, frameworks, tutorials and personal experience of code auditing would be helpful. Thanks!
    Hacking Wacking Sab Moh Maya Hai

  2. #2
    Security Researcher fb1h2s's Avatar
    Join Date
    Jul 2010
    Location
    India
    Posts
    616
    Blog Entries
    32
    Don't think about a tool if you're just starting; take the pain of going through each line of code in a good text editor, and search over a huge code source manually for common patterns. Once you get familiar with that, there are a handful of tools that will do this job for you. But just start with manual audits.
    Hacking Is a Matter of Time Knowledge and Patience

  3. #3
    Garage Addict 41.w4r10r's Avatar
    Join Date
    Jul 2010
    Location
    Pune
    Posts
    338
    Blog Entries
    3
    +fb1h2s

    If you are starting, do it manually. If you are doing it for some project needs, then manual auditing + RIPS can help you.

  4. #4
    Use Acunetix AcuSensor to audit PHP code.

  5. #5
    Webapp Secninja
    Join Date
    Aug 2012
    Location
    Ranchi, Jharkhand
    Posts
    41
    Blog Entries
    2
    Thanks everyone!

    There are tons of references to various files from a single file; for example, a single function takes data and structures from different files (includes etc.), so I have to jump back and forth while checking bugs in a single file. Any simplification for these, to view the PHP codebase easily?
    Hacking Wacking Sab Moh Maya Hai

  6. #6
    Yes. For a good start you can use the 'grep' tool.

    I wrote a simple 'scanner' using grep. Most of the vulnerabilities I found in web apps were because of that 'grep'-based tool.
    Another way you can find vulns is by doing blackbox pentests.

    Besides, if I remember correctly, you can find a list of vulnerable functions on Stack Overflow.

    Let me know if you need any help with that.
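As an added example (not code from this thread, nor from RIPS, Acunetix or any other tool named in it), here is a small POSIX shell script in the spirit of the grep-based scanner mentioned in #2 and #6, which also addresses the include-tracking question in #5. It lists include/require edges so you can see which files feed the one you are reading, flags lines where a dangerous sink and a user-controlled superglobal meet, and follows a variable assigned from a superglobal to a sink on a later line. The sink list, source list and the three sample PHP files are constructed for the demo and are not from any real project.

```shell
#!/bin/sh
# Added example, not code from this thread. A minimal grep-based PHP audit
# helper: one pass over a code base to find the places worth reading first.
# SINKS, SOURCES and the sample files below are constructed for the demo.

# Crude, line-based patterns: sink names are matched as substrings, so expect
# noise (e.g. "execute" contains "exec"); the point is a fast first pass.
SINKS='mysql_query|mysqli_query|shell_exec|exec|system|passthru|eval|echo|print|include|require|unserialize|file_get_contents|header'
SOURCES='\$_(GET|POST|REQUEST|COOKIE|SERVER|FILES)'

# Build a tiny constructed code base so the script runs offline.
make_sample_codebase() {
  mkdir -p "$1/lib"
  cat > "$1/index.php" <<'EOF'
<?php
require_once 'lib/db.php';
include 'lib/util.php';
$id = $_GET['id'];
echo "Hello " . $_GET['name'];
$rows = mysql_query("SELECT * FROM users WHERE id = " . $id);
EOF
  cat > "$1/lib/db.php" <<'EOF'
<?php
function safe_query($pdo, $id) {
    $stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
    return $stmt->execute([$id]);
}
EOF
  cat > "$1/lib/util.php" <<'EOF'
<?php
function run($cmd) { return shell_exec($cmd); }
echo htmlspecialchars($_POST['comment']);
EOF
}

# 1. Include graph: one "file -> included file" line per include/require,
#    so you know which files feed a given file before you read it.
list_includes() {
  grep -rnE --include='*.php' \
    "^[[:space:]]*(include|require)(_once)?[[:space:]]*\(?[[:space:]]*['\"]" "$1" \
    | sed -E "s/^([^:]+):([0-9]+):.*['\"]([^'\"]+)['\"].*/\1 -> \3/"
}

# 2. Sink and superglobal on the same line, minus lines where the input is
#    visibly wrapped in a sanitizer (an obvious false positive to drop).
scan_sinks() {
  grep -rnE --include='*.php' "$SINKS" "$1" \
    | grep -E "$SOURCES" \
    | grep -vE 'htmlspecialchars\(|intval\(|\(int\)'
}

# 3. One step of "taint following": a variable assigned straight from a
#    superglobal, then every line in the same file where it meets a sink.
#    This catches what stage 2 misses: assignment and sink on different lines.
follow_tainted_vars() {
  grep -rnE --include='*.php' \
    '^[[:space:]]*\$[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=[[:space:]]*\$_(GET|POST|REQUEST|COOKIE)' "$1" \
    | while IFS=: read -r file line code; do
        var=$(printf '%s\n' "$code" | sed -E 's/^[[:space:]]*(\$[A-Za-z_][A-Za-z0-9_]*).*/\1/')
        grep -nE "$SINKS" "$file" | grep -F "$var" | sed "s|^|$file:|"
      done
}

# Stand-alone run: build the sample, print the three reports, clean up.
SAMPLE=$(mktemp -d)
make_sample_codebase "$SAMPLE"
echo "== include graph ==";                   list_includes "$SAMPLE"
echo "== sink + superglobal, same line ==";   scan_sinks "$SAMPLE"
echo "== tainted variable reaching a sink =="; follow_tainted_vars "$SAMPLE"
rm -rf "$SAMPLE"
```

On the sample, stage 2 reports only `index.php:5` (the `echo` of `$_GET['name']`) and drops the `htmlspecialchars` line, while stage 3 is what surfaces the SQL injection on `index.php:6`, because `$id` is assigned from `$_GET` a line earlier. That is the limit of grep: it sees lines, not data flow, so anything passed through a function, an array or another file is missed, and `$_SERVER`/`$_FILES` are not followed at all here. Treat the output as a reading list for the manual pass the earlier replies describe; a real static analyser such as RIPS does the cross-file data-flow tracking this script only imitates for one hop.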
