static code analysis - Optimizing For Happiness

Optimizing For Happiness

Sign in Subscribe

static code analysis

A collection of 5 posts

Eliminating a Class of Defects

automated testing

Eliminating a Class of Defects

Imagine the following line of PHP code: $db->GetRow("SELECT * FROM users WHERE id = $user_id"); This line is vulnerable to SQL injection, if an attacker controls $user_id variable. This is the safe version (using parametrized query): $db->GetRow("SELECT * FROM users WHERE id

static code analysis

PHP Unlocker

PHP-Unlocker [https://github.com/emanuil/php-unlocker] is a static analysis tool that detects potential, unintended DB table locks for PHP applications using ADOdb [http://adodb.org]. It searches your code for improper usage of StartTrans() and CompleteTrans() methods [http://phplens.com/adodb/reference.functions.transactions.html]. So why write this

Remove SQL injections from PHP. Forever.

Remove SQL injections from PHP. Forever.

A little bit of history SQL injection [http://en.wikipedia.org/wiki/SQL_injection] in one of the top vulnerabilities in web applications for some years now [https://www.owasp.org/index.php/Top_10_2013-Top_10]. Once found, it’s not difficult to exploit, the exploitation is reliable and

Static Code Analysis for PHP

Static Code Analysis for PHP

Static Code Analysis (SCA) is the first of the three pillars of automated testing [https://emanuilslavov.com/the-three-pillars-of-automated-testing/]. This is the practice of running tools that compile (depending on the language you use) and parse your source code, matching to see of various rules are violated. No code is executed

The Three Pillars of Automated Testing

The Three Pillars of Automated Testing

In order to have fast and quality release you need to implement and balance between the three automation pillars, not leaning heavily towards one or the other. They are interconnected and act as a different layers to defend agains various problems. More posts will follow to describe in details the