Top 10 PHP Vulnerability Scanners

1
Top 10 Online PHP Vulnerability Scanners
2
Introduction About PHP

• PHP programming language rules the web around 80
  of market share and its used for all worpdress,
  joomla laravel, drupal websites. 
• PHP is secure but the hackers trying to find the
  loophole vulnerability and hacked it. 
• For security purpose you should scan your php
  website code before going live.

3
10 Best PHP Vulnerability Scanning Tools

• Here we listed some of most used and top 10
  online php vulnerability scanners for your
  reference. 
• PHPStan 
• RIPS 
• SonarPHP 

4

• 4. Exakat
• 5. SensioLabs
• 6. Psalm
• 7. Checkmarx 
• 8. Progpilot 
• 9. PHP Vulnerability Hunter 
• 10. Grabber 

5

• 1. PHPStan
•                    PHPStan is one of the best
  tool to find bugs in your php code. It is a real
  time online php malicious code scanner which
  detects the bugs immediately.
• 2. RIPS
•             RIPS is the most commonly used static
  PHP code vulnerability scanner tool that is
  integrated through the development lifecycle to
  find vulnerabilities in real time. It has lots of
  features compare to all other scanners. This tool
  export scan results report into multiple formats
  PDF, CSV and other by using RESTful API.

6

• 3. SonarPHP
•                     SonarPHP is designed with php
  vulnerabilities through pattern matching, data
  flow techniques. It is a static php code analyzer
  and integrates with Eclipse, IntelliJ.
• 4. Exakat 
•                Exakat is a real time static
  analyzer to check vulnerability in php code. It
  got more than 300 analyzers dedicated to PHP and
  framework specific analyzers like WordPress,
  CakePHP, Zend, etc.

7

• 5. SensioLabs 
• SensioLabs is a security centered scanner which
  is available in 3 types Online Upload your sour
  ce file and perform scan API Use Web service to
  check vulnerabilities and scan results are
  available in text and JSON format
  CLI Download the tool and use it locally
• 6. Psalm
• Psalm is basic level error finding app which is
  built on top of PHP Parser.

8

• 7. Checkmarx
•                     Checkmarx is a cloud-based
  php vulnerability scanner to scan code and it
  also give explanation of vulnerability and
  recommendation on how to fix them. 
• 8. Progpilot
•                   Progpilot is a static analyzer
  let you specify the analysis type like GET, POST,
  COOKIE, SHELL_EXEC, etc. It supports suiteCRM and
  CodeIgniter framework now.

9

• 9. PHP Vulnerability Hunter
•                   PHP vulnerability scanner using
  both dynamic and static analysis and detect the
  vulnerabilities. It is also capable of finding
  vulnerability in
• SQL Injection
• Cross Site Scripting
• Local File Inclusion 
• Arbitrary file read and command execution
• 10. Grabber
•                  Grabber is a python-based tool
  to perform hybrid analysis on a PHP-based
  application using PHP-SAT.

10
Conclusion

• I hope these above php security scanning tools
  will you make your PHP applications more secure. 
• Thank You!