This ruleset focuses on code security.
Total: 47 analyses
Eval() Usage
phpinfo
var_dump()… Usage
Hardcoded Passwords
Direct Injection
Avoid sleep()/usleep()
parse_str() Warning
Avoid Those Hash Functions
No Hardcoded Port
Should Use Prepared Statement
No Hardcoded Ip
Compare Hash
preg_replace With Option e
eval() Without Try
register-globals
Safe Curl Options
Use random_int()
No Hardcoded Hash
Random Without Try
Indirect Injection
Unserialize Second Arg
Don’t Echo Error
Should Use session_regenerateid()
Encoded Simple Letters
Set Cookie Safe Arguments
No Return Or Throw In Finally
Mkdir Default
Switch Fallthrough
Upload Filename Injection
Always Anchor Regex
Session Lazy Write
Sqlite3 Requires Single Quotes
No Net For Xml Load
Dynamic Library Loading
Configure Extract
move_uploaded_file Instead Of copy
filter_input() As A Source
Safe HTTP Headers
Insecure Integer Validation
Minus One On Error
No ENT_IGNORE
No Weak SSL Crypto
Keep Files Access Restricted
Check Crypto Key Length
Incompatible Types With Incoming Values
Filter Not Raw
Unvalidated Data Cached In Session
Short name: Security
Available in: Enterprise Edition, Exakat Cloud
Reports: Ambassador, Owasp