DevBug consists of two panels: the Code Editor and the Information Panel that sits below it.
The Code Editor provides line numbering and syntax highlighting, and is where PHP source code is written, edited or pasted.
The Code Editor uses the CodeMirror open source project; this was found to be the most suitable for my needs after testing alternatives, including writing my own.
The Information Panel is where all of DevBug's important information is displayed, such as this help text and the potential vulnerabilities detected by the Static Analysis engine.
The Run button triggers Static Analysis on the PHP source code contained in the Code Editor. The Clear button clears the code from the Code Editor and, if your browser supports it, from local storage.
The source code is sent to the server unencrypted; however, it is not recorded by the server in any way.
DevBug checks for the following vulnerabilities arising from user-supplied input:
Cross-Site Scripting (XSS)
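As an added illustration, not DevBug's own code, here is a minimal taint analysis in Python of the kind DevBug performs: user-input sources, securing functions and echo/print sinks, run over a constructed PHP snippet. The short source, securing-function and sink lists are assumptions for the example, not DevBug's or RIPS's actual data, and the assignment tracking is deliberately simplified.

```python
import re
# Short taint lists in the spirit of the RIPS-derived data DevBug uses; they are
# assumptions for this example, not DevBug's or RIPS's actual configuration.
SOURCES = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE")
SECURING = ("htmlspecialchars", "htmlentities", "intval")
ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=\s*(.+?);\s*$")
SINK_RE = re.compile(r"^\s*(echo|print)\b\s*(.+?);\s*$")
VAR_RE = re.compile(r"\$\w+")

def is_secured(expr):
    """Whole expression wrapped in one securing call (simple: no partial checks)."""
    return any(expr.startswith(f + "(") and expr.endswith(")") for f in SECURING)

def is_tainted(expr, tainted):
    """Tainted if a source or tainted variable reaches here unsecured."""
    expr = expr.strip()
    if expr.startswith("(") and expr.endswith(")"):  # print(...) style
        expr = expr[1:-1].strip()
    if is_secured(expr):
        return False
    if any(src in expr for src in SOURCES):
        return True
    return any(v in tainted for v in VAR_RE.findall(expr))

def analyze(php):
    """Return (line number, sink, line) wherever user input reaches an XSS
    sink without passing through a securing function."""
    tainted, findings = set(), []
    for lineno, line in enumerate(php.splitlines(), 1):
        m = ASSIGN_RE.match(line)
        if m:  # taint follows assignment; a clean re-assignment untaints
            var, expr = m.groups()
            (tainted.add if is_tainted(expr, tainted) else tainted.discard)(var)
            continue
        m = SINK_RE.match(line)
        if m and is_tainted(m.group(2), tainted):
            findings.append((lineno, m.group(1), line.strip()))
    return findings

# Constructed sample input: lines 3 and 9 should be flagged, the rest not.
SAMPLE_PHP = """<?php
$name = $_GET['name'];
echo "Hello " . $name;
$safe = htmlspecialchars($_GET['name']);
echo $safe;
echo htmlspecialchars($name);
$name = "static";
echo $name;
print($_POST['msg']);
"""
```

Calling `analyze(SAMPLE_PHP)` reports the `echo` on line 3 and the `print` on line 9 only; the secured and re-assigned cases are not flagged.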
DevBug is a basic PHP Static Code Analysis
The idea behind DevBug is to make basic PHP Static Code Analysis accessible online, to raise security awareness and to integrate SCA into the development process.
DevBug could be used to quickly test a page of PHP that you think may contain vulnerabilities, to run over a piece of code you have found on Google and are unsure of, or to write your own code directly into.
Static Code Analysis should be part of your development process through a Security Development Lifecycle.
DevBug would not have been possible without:
The Taint Analysis data, such as sources, securing functions and sinks, which was provided by Johannes Dahse of the awesome RIPS PHP Static Code Analysis tool.
The source code editor, which was created using the awesome CodeMirror.
DevBug was created by Ryan Dewhurst (ethicalhack3r) as part of his undergraduate university thesis.