An Open-Source Vulnerability Scanner for PHP Applications. The Secure Systems Lab at the Technical University of Vienna has released the newest version of Pixy, an open-source vulnerability scanner. Here are some of the highlights: * Detection of SQL injection and XSS vulnerabilities in PHP source code
1. Automatic resolution of file inclusions
2. Computation of dependence graphs that help you understand the causes of reported vulnerabilities
3. Static analysis engine (flow-sensitive, interprocedural, context-sensitive)
4. Platform-independent written in Java.
http://pixybox.seclab.tuwien.ac.at