I’ve been meaning to review some of my older PHP code for security vulnerabilities for a while, but never really got around to it. This afternoon, I started searching for some tools I might be able to use to do that for me. I came across the Spike PHP Security Audit Tool, and was actually fairly impressed with it.
In order to run it, I believe you need to have the PHP command-line interface installed. However, as long as you’ve got that, all you need to do is upload the package and type a simple command. It will take a while, but when it’s done, the script generates a nice HTML report showing all of the vulnerabilities it detected.