[Computer][php] PHP secure code checking tools

Source code verification tool / verification program / source code analysis tool / secure code check / defective code check


PHP secure code analysis tools

  1. Progpilot - Progpilot is a static analyzer tool for PHP that detects security vulnerabilities such as XSS and SQL Injection.
  2. RIPS
    1. RIPS is a static source code analyzer for vulnerabilities in PHP web applications. Please see notes on the sourceforge.net site.
    2. It appears to have become a commercial product as new versions were released. The old version does not seem to support recent versions of PHP.
  3. phpcs-security-audit - phpcs-security-audit is a set of PHP_CodeSniffer rules that finds flaws or weaknesses related to security in PHP and its popular CMS or frameworks. It currently has core PHP rules as well as Drupal 7 specific rules.
  4. VisualCodeGrepper (VCG)
    1. Scans C/C++, C#, VB, PHP, Java, and PL/SQL for security issues and for comments which may indicate defective code. The config files can be used to carry out additional checks for banned functions or functions which commonly cause security issues.
    2. It is for Windows. An .msi installer is provided. It is also not difficult to use.

See Also

  1. A reviewed list of useful PHP static analysis tools GitHub - exakat/php-static-analysis-tools
    • A collection of links to PHP-related tools.
    • Bugs finders / Coding standards / DIY / Fixers / Metrics / SaaS / Misc
