是否有用于识别php/mysql的sql注入的静态分析工具 [英] Is there a static analysis tool for identifying sql injection for php/mysql

问题描述

是否有用于识别php/mysql的sql注入的静态分析工具.

Is there a static analysis tool for identifying sql injection for php/mysql.

在php脚本上运行的工具将分析sql语句，并查找该sql语句是否存在任何可能的sql注入可能性.

A tool which run on a php script would analyze the sql statements and find if there are any possible sql injection possibilities for the sql statements.

推荐答案

我发现的结果令人失望.

What I found is rather disappointing.

RATS (商标为Fortify)有一些PHP支持，但无法检测到SQL注入.显然，惠普专家专注于.NET和Java应用程序.

RATS (branded as Fortify) has some PHP suport, but it doesn't detect SQL injections. Apparently HP guys are focused on .NET and Java apps.

OWASP SWAAT项目对我来说似乎已经死了.

OWASP SWAAT Project seems to be dead to me.

RIPS扫描器是一种可以安装在Web服务器上并在您的源代码中导航的工具Web界面上的应用程序.不幸的是，当我打开它时，它只是挂在我身上.

RIPS Scanner is a tool you can install on your web server and navigate in the source of your application on the web interface. Unfortunately it just hangs for me when I open it.

有一个名为 DevBug 的在线工具.扫描整个代码库不是很有用，但是对于初学者来说练习安全性很好.

There is an online tool called DevBug. It is not very useful to scan your entire codebase, but it's good for beginners to practice security.

这篇关于是否有用于识别php/mysql的sql注入的静态分析工具的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！