WAP automatic detects and corrects input validation vulnerabilities in web applications written in PHP Language (version 4.0 or higher) and with a low rate of false positives.
WAP detects the following vulnerabilities:
– SQL injection using MySQL, PostgreSQL and DB2 DBMS
– Reflected cross-site scripting (XSS)
– Stored XSS
– Remote file inclusion
– Local file inclusion
– Directory traversal
– Source code disclosure
– OS command injection
– PHP code injection
WAP is a static analysis tool that performs taint analysis to detect vulnerabilities, tracking malicious users inputs and checking if they reach calls of sensitive functions. It has a low rate of false positives because has implemented a data mining module to predict false positives when detects vulnerabilities.
The output of the tool is:
– shows the vulnerabilities found and how they are corrected
– new files with the corrections
Cloudbased voice solutions are common in enterprise networks and frustrating for operations teams to manage. Simplify VoIP monitoring by having a proactive analysis of on-prem, hybrid and UCaaS voice services. Try the ThousandEyes VoIP monitoring solution today, free.
Website | http://awap.sourceforge.net/ |
Tags | SecuritySource code analysis |
License | GNU General Public License version 3.0 (GPLv3) |
Platform | Linux Mac Windows |
Features |
|