Monday, January 31, 2011

PHP - Source/Static code analysis tools

PHP - Source/Static code analysis tools

Source/Static code analysis tools are designed to analysis source code and identify security vulnerabilities in PHP/Other programming languages(Java,C,C++,etc). Ideally, such tools help to identify the coding standards and reverse engineering of source code.

Here is the list of static code analysis tools

Copy/Paste Detector (CPD) - It uses PMDs duplicate code detection for PHP. PHPUnit 3.2 supports Copy & Paste Detection.

Sonar - This tool used to do unit tests,complexity, duplication, design, comments, coding standards and potential problems.

Yasca - Yet Another Source Code Analyzer, a plugin-based framework for scanning arbitrary file types, with plugins for scanning PHP.

DMS Software Reengineering Toolkit - It supports custom,dead code analysis and style checking.

Fortify - It helps programmer to identify software security vulnerabilities in PHP and other web programming languages.

Syhunt Sandcat - Helps to deteact security flaws in PHP and other web programming languages

Understand - Reverse engineering of source, code navigation and metrics tool.

Veracode - This tool used to finds security flaws in application binaries and bytecode without requiring source code. Supported languages PHP,C,C++,JAVA,etc.

1 comment: