The application, called Pixy, can automatically scan your PHP source code for cross-site scripting (XSS) and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possibly vulnerable points in the program, together with additional information for understanding each vulnerability.
It looks like an interesting tool and a good quick way to check your work for security-related mistakes. It's also nice for you Mac- or Linux-based developers out there, since it is written in Java and platform-independent. I'll attempt to take a look and give a further review in the next couple of weeks.
Pixy can be downloaded for free from http://pixybox.seclab.tuwien.ac.at/ or try their Pixy web interface online!
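To show the kind of source-to-sink reasoning behind a report like the one described above, here is an added toy taint tracker in Python (written for this post; it is not Pixy's code or its algorithm) that flags untrusted input reaching an HTML or SQL sink in a constructed PHP fragment. The source, sink and sanitizer tables and the straight-line (no branches) model are simplifying assumptions.

```python
import re

# Constructed sample PHP (not from the page): $name reaches an HTML sink and an
# SQL sink unsanitized; the other two paths go through htmlspecialchars()/intval().
SAMPLE_PHP = """\
$name = $_GET['name'];
$safe = htmlspecialchars($name);
echo "Hello " . $safe;
echo "Raw: " . $name;
$q = "SELECT * FROM users WHERE name = '" . $name . "'";
mysql_query($q);
$id = intval($_GET['id']);
mysql_query("SELECT * FROM users WHERE id = " . $id);
"""

SOURCES = ("$_GET", "$_POST", "$_COOKIE", "$_REQUEST")  # untrusted input (assumed set)
SINKS = {"echo": "xss", "print": "xss", "mysql_query": "sqli"}
# sanitizer -> vulnerability class it neutralises ("all" clears both); assumed set
SANITIZERS = {"htmlspecialchars": "xss", "mysql_real_escape_string": "sqli", "intval": "all"}

ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=\s*(.*);\s*$")
CALL_RE = re.compile(r"^\s*(\w+)\s*\((.*)\);\s*$")
WRAP_RE = re.compile(r"^(\w+)\((.*)\)$")
VAR_RE = re.compile(r"\$\w+")

def expr_taint(expr, taint):
    """Return the vulnerability classes ('xss', 'sqli') an expression can carry."""
    kinds = {"xss", "sqli"} if any(s in expr for s in SOURCES) else set()
    for var in VAR_RE.findall(expr):
        kinds |= taint.get(var, set())
    wrap = WRAP_RE.match(expr.strip())  # sanitizer wrapping the whole value?
    if wrap and wrap.group(1) in SANITIZERS:
        neutralised = SANITIZERS[wrap.group(1)]
        kinds = set() if neutralised == "all" else kinds - {neutralised}
    return kinds

def analyze(php_source):
    """Straight-line taint propagation (no branches); returns (line, class, sink)."""
    taint, findings = {}, []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        # rewrite `echo X;` / `print X;` into call form so one regex handles sinks
        line = re.sub(r"^\s*(echo|print)\s+(.*);", r"\1(\2);", line)
        if m := ASSIGN_RE.match(line):
            taint[m.group(1)] = expr_taint(m.group(2), taint)
        elif (m := CALL_RE.match(line)) and m.group(1) in SINKS:
            kind = SINKS[m.group(1)]
            if kind in expr_taint(m.group(2), taint):
                findings.append((lineno, kind, m.group(1)))
    return findings
```

Running `analyze(SAMPLE_PHP)` reports line 4 (XSS via echo) and line 6 (SQL injection via mysql_query), while the htmlspecialchars() and intval() paths are not flagged; note that a value escaped for HTML is still reported if it later reaches an SQL sink.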
Posted by Douglas Couch on June 22, 2007, in Handlers Log.