Solved

Code Review Software

Posted on 2013-01-18
5
284 Views
Last Modified: 2013-01-21
Hi,

i have an application that allows users to login and update sensative information as well as upload download content.

i would like to know if there is a good software out there that can look over my code and determine if there are some loops.

essentially i want to have a product that will do basic scans, prentration and vunerability scans  before i pay a professional to look over it

thanks a lot
0
Comment
Question by:M. Jayme Nagy
  • 2
  • 2
5 Comments
 
LVL 6

Author Comment

by:M. Jayme Nagy
ID: 38793574
the code i am looking to be reviewed is php
0
 
LVL 62

Assisted Solution

by:btan
btan earned 334 total points
ID: 38795840
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 166 total points
ID: 38796382
There are some tools out there as well that look at your source
PHP Code Sniffer, PHP Sat, PHP AST, PHP Lint, PHP Depend, xDebug
Often these tools however do not detect what you're aiming to detect, and they certainly don't secure your code. There are a lot of do not do's in PHP and coding in general. Scan your web application using Nessus/MetaSploit/W3af/Nikito. If you use MySQL or MSSQL you can use SQLNinja (ms only) and or SQLmap to detect injections. Have a look here
http://www.coresec.org/2011/07/18/sql-injection-scanners/
-rich
0
 
LVL 62

Accepted Solution

by:
btan earned 334 total points
ID: 38797552
Specific to owasp top 10 vulnerability for php and php security open consortium sharing of specific gaps ..you can check this out below

http://www.sklar.com/page/article/owasp-top-ten
http://phpsec.org/projects/guide/

Tools wise you may want to see RIPS or DevBug

http://sourceforge.net/projects/rips-scanner/
http://www.devbug.co.uk/#
0
 
LVL 6

Author Closing Comment

by:M. Jayme Nagy
ID: 38801321
thanks everyone BIG help!!!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now