We did a post on ten security checks for PHP, and pointed to a PHP security guide as well. On a more recent, related note, you might want to take a look at the post on Rkrishardy.com about researchers from MIT, Stanford and Syracuse who have developed “Ardilla”, a tool that analyzes PHP code for XSS (cross-site scripting) and SQL injection vulnerabilities.
Derived from a modified version of the Zend interpreter, from work done at IBM, Ardilla can’t be released as open source because of licensing issues, though Hardy speculates that an open-source version may appear one day. The article includes a link to the original technical paper.
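As an added illustration (not code from Ardilla, its paper, or Hardy's post), here is the shape of the two defects such a checker reports: a PHP search handler that lets untrusted input reach a SQL string and an HTML response unchanged, beside a hardened version that binds the parameter and entity-encodes the output. It assumes PHP with the pdo_sqlite extension and builds its own in-memory table so it runs offline; the probe inputs are constructed for the demonstration.

```php
<?php
// Added example (not from the Ardilla paper or Hardy's post): the two PHP bug
// classes such a checker looks for, shown as a vulnerable handler beside a
// hardened one. Uses an in-memory SQLite table constructed here so it runs offline
// (assumes the pdo_sqlite extension is available).

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// VULNERABLE: the tainted $name flows unescaped into a SQL query (injection sink)
// and into the HTML response (XSS sink). A taint-tracking checker flags both.
function vulnerableSearch(PDO $db, string $name): string
{
    $rows = $db->query("SELECT id, name FROM users WHERE name = '$name'")
               ->fetchAll(PDO::FETCH_ASSOC);
    $html = "<p>Results for $name:</p><ul>";
    foreach ($rows as $r) {
        $html .= "<li>{$r['name']}</li>";
    }
    return $html . '</ul>';
}

// HARDENED: the value is bound as a parameter, so it can never change the query
// structure, and every value placed into HTML is entity-encoded for its context.
function hardenedSearch(PDO $db, string $name): string
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    $enc  = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $html = '<p>Results for ' . $enc($name) . ':</p><ul>';
    foreach ($rows as $r) {
        $html .= '<li>' . $enc($r['name']) . '</li>';
    }
    return $html . '</ul>';
}

// Constructed probe inputs: a normal name, a SQL tautology, and a script tag.
// The vulnerable handler returns every row for the tautology and reflects the tag
// verbatim; the hardened handler returns no rows and an encoded string.
$inputs = ['alice', "' OR '1'='1", '<script>alert(1)</script>'];
foreach ($inputs as $in) {
    echo "Input: $in\n";
    try {
        echo '  vulnerable -> ' . vulnerableSearch($db, $in) . "\n";
    } catch (PDOException $e) {
        echo '  vulnerable -> query error: ' . $e->getMessage() . "\n";
    }
    echo '  hardened   -> ' . hardenedSearch($db, $in) . "\n";
}
```

Run it with `php example.php`. The point a checker like Ardilla automates is the flow from `$name` to the two sinks; the fix is not filtering the input but using a parameterized query for the database and context-appropriate encoding for the page.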
PHP Security Checker


Thanks for the info, I am studying PHP at the moment.