"The Secure Systems Lab at the Technical University of Vienna has released the newest version of Pixy, an open-source
vulnerability scanner. Here are some of the highlights:
– detection of SQL injection and XSS vulnerabilities in PHP source code
– automatic resolution of file inclusions
– computation of dependence graphs that help you understand the causes of reported vulnerabilities
– static analysis engine (flow-sensitive, interprocedural, context-sensitive)
– platform-independent (written in Java)
Pixy can be downloaded for free from http://pixybox.seclab.tuwien.ac.at/. "
Tool Link: http://pixybox.seclab.tuwien.ac.at/pixy/
