WebApp Sec mailing list archives
Pixy - An Open-Source Vulnerability Scanner for PHP Applications
From: pixy-noreply () seclab tuwien ac at
Date: 20 Jun 2007 10:04:01 -0000
The Secure Systems Lab at the Technical University of Vienna has released the newest version of Pixy, an open-source vulnerability scanner. Here are some of the highlights: - detection of SQL injection and XSS vulnerabilities in PHP source code - automatic resolution of file inclusions - computation of dependence graphs that help you understand the causes of reported vulnerabilities - static analysis engine (flow-sensitive, interprocedural, context-sensitive) - platform-independent (written in Java) Pixy can be downloaded for free from http://pixybox.seclab.tuwien.ac.at/. There, you can also find a web interface that allows you to test Pixy online. Enjoy! We would be happy to receive feedback, comments, and other contributions! Please send your suggestions to "pixy-tool at seclab" (domain see below). Nenad Jovanovic Secure Systems Lab Technical University of Vienna http://www.seclab.tuwien.ac.at/ ------------------------------------------------------------------------- Sponsored by: Watchfire The Twelve Most Common Application-level Hack Attacks Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008rSe --------------------------------------------------------------------------
Current thread:
- Pixy - An Open-Source Vulnerability Scanner for PHP Applications pixy-noreply (Jun 21)