First, preface
PHP code auditing, as the name suggests, means reviewing PHP source code, understanding the logic of the code, and finding the security vulnerabilities in it. If there is SQL injection in the audited code, check the code for the transfer and
0x01 Introduction
PHP is a widely used scripting language, especially suitable for web development. It is cross-platform, easy to learn, and powerful. According to statistics, more than 34% of websites worldwide have PHP
0x01 About
To do a good job, one must first sharpen one's tools.
In static security auditing of source code, using automation tools instead of manual vulnerability hunting can significantly improve the efficiency of audit work. Learning to use automated code
A brief talk on PHP Automation code auditing Technology and the automatic audit of PHP
Source: Exploit
0x00
Because I have nothing to update the blog with, I will summarize what I have been doing as a blog post, mainly to talk about some of the technology used in the project. Currently there are many PHP automated audit tools; the open-source ones include RIPS, Pixy,
Are you worried about learning how to audit PHP code?
I saw this post in other forums and it feels very good, so I will share it and discuss it with you. Author: jing0102. Original article: Are you worried about how
This article is just a summary of notes prepared over a period of time. It is an analysis framework without instantiation analysis.
0x01 tools
Editor (Notepad++, EditPlus, UE, etc.)
TommSearch (string search)
The PHP code audit documents were updated last year. They were not well written, and some were not fully written. I have referenced many documents.
The OWASP Code Review guide should also be at 2.0.
Let's give some suggestions.
Directory
1. Overview
2.
0x00 Preface
Publicly available domestic material on PHP automated auditing technology is relatively scarce, whereas abroad some fairly good automated audit implementations have appeared; for example, RIPS is based on the token stream for a series of code
Auditing here is not limited to registration review; review of staff reports to leadership and review of press releases also use it. Here we cover the registration audit, so we should first build a registration page: The code is as