PHP Static Code Analysis

PHP static code analysis is necessary if you want to ensure that your PHP code will deliver secure applications.

There are plenty of options on the market for PHP static code analysis. These include Klocwork, Atlassian, Checkmarx, etc. However, the real trick with selecting the right tool is to choose one which is accurate so results don’t contain a high rate of false positives / negatives. Such a solution provides developers with the confidence they need in order to act upon those findings. In addition, the way in which the findings are reported is also a key aspect. Scanning your code is a great step in the right direction for secure development but it’s only when the data is delivered in the way that your developers need that it can become an accepted part of your application development lifecycle.

Checkmarx’s findings are provided in the “standard” format as a list of vulnerabilities (which can be exported into various formats such as PDF, XML, etc), but a key differentiator is the graph view which takes a novel approach, and applies graph algorithms on the findings to identify the critical junctions where the code has to be fixed. This high level view of the findings enables the elimination of many vulnerabilities with a single fix, thus optimizing the remediation efforts, saving time and money.

Checkmarx’s extensive research into the security state of PHP based WordPress’s open source CMS platform, and its plugin library, as you can see here helped deliver an additional improvement to Checkmarx’s PHP static code analysis capabilities.

The following two tabs change content below.


Latest posts by Administrator (see all)

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.