
Keyword - Bahhhh


Saturday, May 10 2008

Oh please stop it with these ridiculous CAPTCHAs!

Marcin just told me about that stupid CAPTCHA from the rapidshare website. Even if I think this is made explicitly to annoy people (this CAPTCHA is used only for free accounts), this is just stupid.

Can you really tell which letter has a cat or not? I'm sorry, but I can't!

Wednesday, May 30 2007

Such a noisy thing with SWAAT

In one of my last posts, I made a comparison between two PHP source code security analyzers: SWAAT and PHP-SAT. The results came close to saying that SWAAT was really better than PHP-SAT.
I started working on the configuration of PHP-SAT and it looks to be quite powerful (well, after talking with Eric Bouwers, I'm waiting for the next release), and I think I will be able to get good results by combining a security-oriented configuration and some additional bugpatterns.
On the other hand, SWAAT is really limited for now. As an example, I made a simple PHP script with only SQL queries inside: every line is highlighted as flawed (and with a MEDIUM level)!! This is simply stupid, and they would do better not to report anything than to do that... just say that you don't support SQL Injection for now... Anyway, SWAAT is for me the tool to keep an eye on. I will try to develop some features on it, especially for XSS detection and SQL Injection findings...

Wednesday, April 11 2007

wtf! top 10 firefox extensions to avoid

After the 20 must-have Firefox extensions, Computerworld came up with the top 10 Firefox extensions to avoid. And in the list you can see:

  • NoScript
  • GreaseMonkey


So what the heck? Are they kidding? I can understand for GreaseMonkey because it's mainly for people who need it, but NoScript is a really good extension which has active protection...
