An Open-Source Vulnerability Scanner for PHP Applications.
The Secure Systems Lab at the Technical University of Vienna has released the newest version of Pixy, an open-source vulnerability scanner. Here are some of the highlights:
- Detection of SQL injection and XSS vulnerabilities in PHP source code
- Automatic resolution of file inclusions
- Computation of dependence graphs that help you understand the causes of reported vulnerabilities
- Static analysis engine (flow-sensitive, interprocedural, context-sensitive)
- Platform-independent (written in Java)