01 August 2006 | 13,650 views

SpikeSource Spike PHP Security Audit Tool

Check For Vulnerabilities with Acunetix

Spike is an Open Source tool based on the popular RATS C based auditing tool implemented for PHP.

The tool Spike basically does static analysis of php code for security exploits, PHP5 and call-time pass-by-reference are currently required, but a PHP4 version is coming out this week.

This tool is especially welcomed by Darknet as there aren’t many static analysis tools out there that are free, and there are very few tools for auditing PHP code..which as we all known tends to be coded quite insecurely at times (just look at phpBB and PhpNUKE).

You can find the latest version here:

Spike PHP Audit Tool



Recent in Countermeasures:
- Passera – Generate A Unique Strong Password For Every Website
- HoneyDrive 3 Released – The Premier Honeypot Bundle Distro
- Codesake::Dawn – Static Code Analysis Security Scanner For Ruby

Related Posts:
- SPIKE Proxy – Application Level Security Assessment
- YASAT – Yet Another Stupid Audit Tool
- DllHijackAuditor – Free Audit Tool For DLL Hijack Vulnerability

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 119,084 views
- Password Hasher Firefox Extension - 116,973 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,546 views

Low-cost VPS Hosting

3 Responses to “SpikeSource Spike PHP Security Audit Tool”

  1. Ezra Nugroho 2 August 2006 at 5:02 am Permalink

    Thank you for the post, guys.

    BTW, the php 4 friendly version was released yesterday.

    http://ez.spikesource.com/phpsecaudit_023_released.htm
    http://developer.spikesource.com/projects/phpsecaudit

    Thanks,
    Ezra

  2. Darknet 2 August 2006 at 8:31 am Permalink

    No worries, we are always happy to support new projects.

    Especially those which will lead to more secure coding practises for everyone!

  3. devloop 2 August 2006 at 11:19 pm Permalink

    Very interesting project :)

    You should also try Wapiti for blackbox testing. It’s a “web application vulnerability scanner” released under the GPL License.