• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 296
  • Last Modified:

Code Review Software

Hi,

i have an application that allows users to login and update sensative information as well as upload download content.

i would like to know if there is a good software out there that can look over my code and determine if there are some loops.

essentially i want to have a product that will do basic scans, prentration and vunerability scans  before i pay a professional to look over it

thanks a lot
0
J N
Asked:
J N
  • 2
  • 2
3 Solutions
 
J NUnicorn wranglerAuthor Commented:
the code i am looking to be reviewed is php
0
 
btanExec ConsultantCommented:
0
 
Rich RumbleSecurity SamuraiCommented:
There are some tools out there as well that look at your source
PHP Code Sniffer, PHP Sat, PHP AST, PHP Lint, PHP Depend, xDebug
Often these tools however do not detect what you're aiming to detect, and they certainly don't secure your code. There are a lot of do not do's in PHP and coding in general. Scan your web application using Nessus/MetaSploit/W3af/Nikito. If you use MySQL or MSSQL you can use SQLNinja (ms only) and or SQLmap to detect injections. Have a look here
http://www.coresec.org/2011/07/18/sql-injection-scanners/
-rich
0
 
btanExec ConsultantCommented:
Specific to owasp top 10 vulnerability for php and php security open consortium sharing of specific gaps ..you can check this out below

http://www.sklar.com/page/article/owasp-top-ten
http://phpsec.org/projects/guide/

Tools wise you may want to see RIPS or DevBug

http://sourceforge.net/projects/rips-scanner/
http://www.devbug.co.uk/#
0
 
J NUnicorn wranglerAuthor Commented:
thanks everyone BIG help!!!
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now