PIXY

THE SECURE SYSTEMS LAB AT THE TECHNICAL UNIVERSITY OF VIENNA HAS RELEASED THE NEWEST VERSION OF PIXY, AN OPEN-SOURCE VULNERABILITY SCANNER. HERE ARE SOME OF THE HIGHLIGHTS:

* DETECTION OF SQL INJECTION AND XSS VULNERABILITIES IN PHP SOURCE CODE
* AUTOMATIC RESOLUTION OF FILE INCLUSIONS
* COMPUTATION OF DEPENDENCE GRAPHS THAT HELP YOU UNDERSTAND THE CAUSES OF REPORTED VULNERABILITIES
* STATIC ANALYSIS ENGINE (FLOW-SENSITIVE, INTERPROCEDURAL, CONTEXT-SENSITIVE)
* PLATFORM-INDEPENDENT (WRITTEN IN JAVA)

http://pixybox.seclab.tuwien.ac.at/pixy/