Is there a static analysis tool for identifying sql injection for php/mysql.
A tool which run on a php script would analyze the sql statements and find if there are any possible sql injection possibilities for the sql statements.
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
Not sure if a tool like that exists for PHP Script, but the security compass tools are great for a first analysis :
http://labs.securitycompass.com/index.php/exploit-me/
回答2:
What I found is rather disappointing.
RATS (branded as Fortify) has some PHP suport, but it doesn't detect SQL injections. Apparently HP guys are focused on .NET and Java apps.
OWASP SWAAT Project seems to be dead to me.
RIPS Scanner is a tool you can install on your web server and navigate in the source of your application on the web interface. Unfortunately it just hangs for me when I open it.
There is an online tool called DevBug. It is not very useful to scan your entire codebase, but it's good for beginners to practice security.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 傲 的文章《Is there a static analysis tool for identifying sq》','https://www.manongdao.com/article-874935.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}