PHP coders take a look at Pixy!

The application, called Pixy, can automatically scan your PHP source code for cross-site scripting (XSS) and SQL injection vulnerabilities. Pixy takes a PHP program as input and creates a report that lists possibly vulnerable points in the program, together with additional information for understanding each vulnerability.

It looks like an interesting tool and a good, quick way to check your work for security-related mistakes. It's also nice for you Mac- or Linux-based developers out there, since it is Java and platform independent. I'll attempt to take a look and give a further review in the next couple of weeks.

Pixy can be downloaded for free from or, try their Pixy web interface online!
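As an added illustration (not from the original post or the Pixy project), the PHP below shows the two classes of flaw the post says Pixy reports, cross-site scripting and SQL injection, each next to a corrected form. The function names, the sample input and the in-memory SQLite table are constructed for the example, and it assumes the pdo_sqlite extension is available.

```php
<?php
// Added example, not code from the original post or from Pixy.
// Constructed input standing in for request data such as $_GET['name'].
$name = $argv[1] ?? "O'Brien<b>";

// Constructed in-memory table (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('O''Brien<b>')");

// Vulnerable pattern: untrusted data reaches a sink unchanged.
function greet_unsafe(string $name): string {
    return "<p>Hello, $name</p>";                 // HTML output sink: XSS
}
function find_unsafe(PDO $db, string $name): array {
    // SQL sink: the value becomes part of the query text.
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Corrected pattern: encode for the output context, bind for the query.
function greet_safe(string $name): string {
    return '<p>Hello, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</p>';
}
function find_safe(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->execute([$name]);                      // value is sent as data only
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

echo greet_unsafe($name), "\n";                   // markup from input passes through
echo greet_safe($name), "\n";                     // markup is entity-encoded
try {
    find_unsafe($db, $name);
} catch (PDOException $e) {
    // With the default input, the stray quote alone changes the statement's syntax.
    echo "unsafe query failed: ", $e->getMessage(), "\n";
}
echo count(find_safe($db, $name)), " row(s) from the prepared statement\n";
```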

Posted by Douglas Couch on June 22, 2007, in Handlers Log.

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600
