Security for Source Code
Developers should be aware of the threat of people trying to gain unauthorized access to servers. The Open Web Application Security Project (OWASP) is a great resource, with reference materials and links to software to assist with security. See, in particular, their source code analysis tools page. ITS recommends that developers scan their source code as an additional security measure.
The source code analysis tools page lists open source/free tools and commercial tools. For PHP developers, there are two options:
- RATS: http://www.fortify.com/security-resources/rats.jsp
  - There is no GUI and it doesn't support wildcards, so each source code file must be scanned individually.
- RIPS: http://sourceforge.net/projects/rips-scanner
  - This runs in a browser. It supports scanning multiple files in a directory and its sub-directories.
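Because RATS has to be given each file individually, a small wrapper can walk a source tree and run the scanner once per PHP file. The script below is an added example, not part of the original page or of either tool. The `scan_tree` function, the report file names and `INDEX.tsv` are hypothetical, and it assumes the scanner command (default `rats`) is on the PATH and accepts a single file path as its argument.

```shell
#!/bin/sh
# Added example: run a one-file-at-a-time scanner over every PHP file in a tree.
# Assumption: the scanner (default "rats") takes one file path as its argument.

# scan_tree SRC_DIR REPORT_DIR [SCANNER]
# Writes one report per PHP file plus INDEX.tsv (status<TAB>path) to REPORT_DIR.
# Prints "files=N failed=M"; returns non-zero if any scanner run failed.
scan_tree() {
    src_dir=$1
    report_dir=$2
    scanner=${3:-rats}
    index="$report_dir/INDEX.tsv"

    mkdir -p "$report_dir" || return 2
    : > "$index"

    # find hands the paths to the inner shell as arguments, so file names
    # containing spaces are passed through intact.
    SCANNER=$scanner REPORT_DIR=$report_dir SRC_DIR=$src_dir INDEX=$index \
    find "$src_dir" -type f -name '*.php' -exec sh -c '
        for file in "$@"; do
            # Flatten the relative path into a report name: a/b.php -> a_b.php
            # (paths that differ only in "/" versus "_" would share a report).
            rel=${file#"$SRC_DIR"/}
            name=$(printf "%s" "$rel" | tr "/ " "__")
            if "$SCANNER" "$file" > "$REPORT_DIR/$name.txt" 2>&1; then
                status=OK
            else
                status=FAIL
            fi
            printf "%s\t%s\n" "$status" "$file" >> "$INDEX"
        done
    ' sh {} +

    total=$(( $(wc -l < "$index") ))
    failed=$(grep -c '^FAIL' "$index" || true)
    printf 'files=%d failed=%d\n' "$total" "$failed"
    [ "$failed" -eq 0 ]
}
```

A typical call is `scan_tree ./htdocs ./scan-reports`; review `INDEX.tsv` first to confirm that every file was actually scanned before reading the individual reports.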