Current Release: Sandcat 4.0

Sandcat for PHP

Overview

Vulnerabilities like this one and many other variants can be detected

The most comprehensive white box testing solution for PHP developers.

Sandcat® for PHP enables developers and QA testers to automatically scan any kind of PHP application source code for potential security vulnerabilities. Sandcat for PHP has been designed to scan PHP applications for various types of issues, such as Cross-Site Scripting (XSS), File Inclusion, SQL Injection, Command Execution and weak validation. Additionally, by identifying key areas of the code, Sandcat for PHP can also help auditors perform code reviews better, faster and more efficiently. The tool also goes further and offers the option of checking PHP installations for problems.

Sandcat for PHP is now included with the latest release of Sandcat.

Key Features

Sandcat for PHP is a perfect complement to the already extensive set of remote scanning capabilities available in the Sandcat scanner, making it the most comprehensive solution for those concerned about web application security.

  • Provides over 70 web application security checks, covering over 5 types of web security attacks
  • Analyzes the source code of PHP applications and detects cross-site scripting, file inclusion, SQL injection, command execution and validation problems
  • Identifies key areas of the code, such as key HTML tags, AJAX / JavaScript, entry points and interesting keywords
  • Allows scanning for specific vulnerabilities, such as SQL Injection and XSS (Cross-Site Scripting) vulnerabilities
  • Allows defining a directory to be scanned
  • Exports alerts to HTML format (registered users only)
  • Sandcat® Hardener - Inspects and evaluates the security settings of any Apache or PHP configuration file

Checks

  • Cross-Site Scripting (XSS)
  • File Inclusion
  • SQL Injection
  • Command Execution
  • Weak Validation
  • Key HTML Tags
  • Key AJAX / JavaScript
  • Entry Points - User Input
  • Entry Points - Indirect User Input
  • Interesting Keywords
  • Compliance
    • OWASP PHP Top 5
  • Configuration Hardening
    • Apache
    • PHP

Specs

System Requirements

  1. 128 MB of memory
  2. 100 MB of free disk space
  3. Internet connection (optional for remote scanning or performing automatic updates)
  4. Windows XP, 2003, 2008, Vista or 7. It should run on older versions of Windows as well.
  5. As a user of a more recent Windows version you may need to be logged in with full administration rights

We have identified significant vulnerabilities using Sandcat for PHP. Several products we reviewed were found to have various types of injection vulnerabilities, arbitrary file disclosure and access issues and tons of XSS problems. We found very few false positives.

Brent Huston
CEO, MicroSolved, Inc., United States

© 2003 - 2010 Syhunt Cyber-Security Company. All rights reserved. Page last updated on July 21, 2010, at 02:31 PM EST