Security for Source Code


Developers should be aware of the threat of people trying to gain unauthorized access to servers. The Open Web Application Security Project (OWASP) is a great resource with reference materials and links to software to assist with security. See in particular their source code analysis tools page. ITS recommends that developers scan their source code as an additional security measure.

The source code analysis tools page lists open source/free tools and commercial tools. For PHP developers, there are two options: 

  1. RATS: http://www.fortify.com/security-resources/rats.jsp
    • There is no GUI and it doesn't support wildcards, so each source code file must be scanned individually.
  2. RIPS: http://sourceforge.net/projects/rips-scanner
    • This runs in a browser. It supports scanning multiple files in a directory and sub-directories.

Article ID: 1333
Created: Mon, 24 Oct 2011 10:56am
Modified: Mon, 24 Oct 2011 1:25pm