Posts

Showing posts from October, 2024

Secure Source Code Review - PHP

Semgrep

  # Installation
  pip install semgrep==1.54.3

  # Use the script below to run it; update the paths in the script
  wget https://raw.githubusercontent.com/Bhanunamikaze/PenTest-Scripts/refs/heads/main/semgrep_runner.py

  # Download the rules
  git clone https://github.com/Bhanunamikaze/SemgrepRules-PHP.git

PHP Code Sniffer

  Download the phpcs.phar file from the PHP_CodeSniffer releases page.

  sudo apt-get install php-tokenizer php-xml
  php phpcs.phar /path/to/PHP_Code

Visual Code Grepper

  https://github.com/nccgroup/VCG/tree/master

Betterscan

  GitHub - tcosolutions/betterscan: Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan

For NodeJS

  GitHub - insidersec/insider: Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (M