Différences

Cette page vous donne les différences entre la révision choisie et la version actuelle de la page.

--- php [2019/10/09 10:33]
M0N5T3R
+++ php [2019/12/31 15:08] (Version actuelle)
M0N5T3R
@@ Ligne 1: / Ligne 1: @@
-🛠 A static source code analyser for vulnerabilities in PHP scripts
-https://github.com/robocoder/rips-scanner
+FIXME **Le PAD pour proposer une amélioration à cette page :** https://pad.zenk-security.com/p/merci
+====== PHP ======
+🛠 PHPStan v0.11.19 releases: PHP Static Analysis Tool https://securityonline.info/phpstan-php-static-analysis/
+🛠 Cheatsheet for finding vulnerable PHP code using grep https://github.com/dustyfresh/PHP-vulnerability-audit-cheatsheet
 🛠 We help your business to secure PHP and Java web applications with language specific code analysis. https://www.ripstech.com/
@@ Ligne 8: / Ligne 15: @@
+🛠 SensioLabs
+SensioLabs leverage composer.lock file to check for known security risk. https://security.sensiolabs.org/
 🛠 phpcs-security-audit v2 https://github.com/FloeDesignTechnologies/phpcs-security-audit
-🛠 A static analyzer for security purposes https://github.com/designsecurity/progpilot
+🛠 Progpilot - A static analyzer for security purposes https://github.com/designsecurity/progpilot
 🛠 RIPS - A static source code analyser for vulnerabilities in PHP scripts http://rips-scanner.sourceforge.net/
@@ Ligne 23: / Ligne 32: @@
 🛠 Vulture - Static source code analyser for PHP web applications vulnerabilities. https://github.com/darioghilardi/vulture
+🛠 [AppChecker](https://npo-echelon.ru/en/solutions/appchecker.php) - static analysis tool for finding bugs, weaknesses and vulnerabilities in source code
+🛠 [Code insight](https://github.com/console-helpers/code-insight) - A tool for analysing other project code bases.
+🛠 [Churn-PHP](https://github.com/bmitch/churn-php.git) - Discover files in need of refactoring.
+🛠 [Eir](https://github.com/Lixody/Eir) - A static vulnerability analysis tool written in C#.
+🛠 [Grabber]
+( http://rgaucher.info/beta/grabber/ ) Grabber, a python based tool to perform hybrid analysis on a PHP-based application using PHP-SAT.
+🛠 [Exakat](http://www.exakat.io/) - Smart static analysis.
+🛠 [jscpd](https://github.com/kucherenko/jscpd) - Copy/paste detector for programming source code.
+🛠 [Mondrian](https://github.com/Trismegiste/Mondrian) - A code analysis tool using Graph Theory.
+🛠 [noverify](https://github.com/VKCOM/noverify) - Pretty fast linter (code static analysis utility) for PHP.
+🛠 [Pfff](https://github.com/facebook/pfff) - Tools for code analysis, visualizations, or style-preserving source transformation.
+🛠 [PHP Analysis](https://github.com/cwi-swat/php-analysis) - A library for analysing and modifying PHP Source Code in Rascal (PHP AiR).
+🛠 [PHParch](https://github.com/j6s/phparch.git) - PHPArch is a work in progress architectural testing library for PHP projects.
+🛠 [PHP Assumption](https://github.com/rskuipers/php-assumptions.git) - Finds <a href="http://rskuipers.com/entry/from-assumptions-to-assertions">weak assumptions</a> in the code, suggest to turn them into stronger validations.
+🛠 [PhpCodeAnalyzer](https://github.com/wapmorgan/PhpCodeAnalyzer.git) - Finds usage of non-built-in extensions.
+🛠 [PHPCodeFixer](https://github.com/wapmorgan/PhpCodeFixer) -  Finds usage of deprecated functions, variables and ini directives.
+🛠 [php7mar](https://github.com/Alexia/php7mar) - PHP 7 Migration Assistant Report.
+🛠 [phpcallgraph](http://phpcallgraph.sourceforge.net/) - Generate static call graphs. Such a graph visualizes the call dependencies among methods or functions of an application..
+🛠 [PHPCPD](https://github.com/sebastianbergmann/phpcpd) - Spots copy/pasted code, and help enforcing DRY rule.
+🛠 [Phan](https://github.com/etsy/phan) - The static analyzer by Rasmus, PHP Creator.
+🛠 [Phinder](https://github.com/sider/phinder.git) - PHP code piece finder
+🛠 [Phortress](https://github.com/lowjoel/phortress) - A PHP static code analyser for potential vulnerabilities.
+🛠 [PHP Code Static Analysis](https://github.com/joaaoleite/code-static-analysis) - PHP Code static analysis program made in nodeJS.
+🛠 [PHP Inspection](https://plugins.jetbrains.com/plugin/7622?pr=idea) - Static analysis plugin for PHPStorm.
+🛠 [PHP Integrator](https://github.com/php-integrator) - Indexes PHP code and performs static analysis for Atom editor.
+🛠 [Phlint](https://gitlab.com/phlint/phlint) - Phlint is a tool with an aim to help maintain quality of php code by analyzing code and pointing out potential code issues.
+🛠 [PHP lint](http://php.net/manual/en/features.commandline.options.php) - PHP itself, able to detect syntax error from command line.
+🛠 [PHPlint](http://www.icosaedro.it/phplint/) - A validator and documentator for PHP 5 programs.
+🛠 [PHP-Parallel-Lint](https://github.com/JakubOnderka/PHP-Parallel-Lint) - A parallel php linting tool for PHP 5.3.3 or newer
+🛠 [PHP Magic Number Detector](https://github.com/povils/phpmnd) - PHP Magic Number Detector
+🛠 [PHP-malware-finder](https://github.com/nbs-system/php-malware-finder) - Detect potentially malicious PHP files
+🛠 [PHP Mess Detector](http://phpmd.org/) - Look for several potential problems within source code.
+🛠 [PHP Reaper](https://github.com/emanuil/php-reaper.git) - Scan ADOdb code for SQL Injections.
+🛠 [PHP SA](https://github.com/ovr/phpsa) - A development tool aimed at bringing complex analysis for PHP applications and libraries.
+🛠 [PHP Stan](https://github.com/phpstan/phpstan) - Focuses on finding errors in code without actually running it.
+🛠 [PHP Unlocker](http://emanuilslavov.com/php-unlocker/) - Detect potential, unintended DB table locks for PHP applications using ADOdb. Uses static analysis methods.
+🛠 [PHP testability](https://github.com/edsonmedina/php_testability) - Analyses and produces a report with testability issues of a php codebase.
+🛠 [PHP vuln hunter](https://github.com/OneSourceCat/phpvulhunter) - Scan PHP vulnerabilities automatically using static analysis methods.
+🛠 [Progpilot](https://github.com/designsecurity/progpilot) - A static analysis tool for security purposes.
+🛠 [Psalm](https://getpsalm.org/) - A static analysis tool for finding errors in PHP applications.
+🛠 [psecio:parse](https://github.com/psecio/parse.git) - Parse : A PHP Security Scanner.
+🛠 [SonarQube](http://www.sonarqube.org/) - An open platform to manage code quality. It covers PHP code.
+🛠 [SonarPHP]
+(https://www.sonarsource.com/products/codeanalyzers/sonarphp.html) - SonarPHP by SonarSource uses pattern matching, data flow techniques to find vulnerabilities in PHP codes. It is a static code analyzer and integrates with Eclipse, IntelliJ
+🛠 [Side Channel Analyzer](https://github.com/olivo/side-channel-analyzer) - Search for side-channel vulnerable code.
+🛠 [TaintPHP](https://github.com/olivo/TaintPHP.git) - Static Taint Analyzer.
+🛠 [Taint'em All](http://taint.spro.ink/) - A taint analysis tool for the PHP language, it makes use of Static Taint Analysis + Symbolic Execution.
+🛠 [Tuli](https://github.com/ircmaxell/Tuli) - A static analysis engine.
+🛠 [Unused-scanner](https://github.com/Insolita/unused-scanner.git) - Detect unused composer dependencies
+🛠 [WAP](https://www.owasp.org/index.php/OWASP_WAP-Web_Application_Protection) - Tool to detect and correct input validation vulnerabilities in PHP (4.0 or higher) web applications and predicts false positives.
+🛠 [PHP VarDump Check](https://github.com/JakubOnderka/PHP-Var-Dump-Check) - PHP console application for finding forgotten variable dump.
+🛠 [17eyes](https://github.com/17eyes/17eyes) - PHP static analyzer written in Haskell.
+🛠 [PHP Sandbox](http://sandbox.onlinephpfunctions.com/) Test your PHP code with this code tester

Zenk - Security

Outils d'utilisateurs

Outils du Site

Différences

Outils de la Page