PHP Vulnerability Scanner
Find vulnerabilities in your web applications with our automated PHP vulnerability scanner. Integrate with your DevOps process for security while you build.
Easy to use PHP vulnerability scanner
As one of the most widely used server-side scripting languages, PHP is a prime target for cyber attacks. PHP vulnerabilities, like SQL injection and cross-site scripting (XSS), can be exploited by hackers to steal data, gain unauthorized access to servers, and more. Intruder’s PHP vulnerability scanner makes it easy to continuously find and address vulnerabilities in web applications and stay secure.
How to use our online PHP vulnerability scanner
1. Sign up for an account
Once your account is activated, you can start scanning your systems.
2. Add your targets
Start scanning with just a domain name or IP address. Or, set up a cloud integration to pull targets automatically.
3. Get the results
Review vulnerabilities prioritized by severity and see what’s exposed to the internet.
Automated PHP vulnerability scanner
Intruder's dynamic application security testing (DAST) tool scans PHP applications for 75+ vulnerabilities, including OWASP Top 10 vulnerabilities, SQL injection, cross-site scripting (XSS), and more. Detect vulnerabilities in single-page and multi-page web applications, schedule recurring scans at flexible intervals, and add authentication to scan behind logins.
Continuous security for PHP applications and their underlying infrastructure
Secure your PHP web applications, APIs, and underlying infrastructure - including cloud environments - in one platform. Intruder's emerging threat scans proactively check your systems for newly released vulnerabilities. Integrate Intruder with your CI/CD pipeline to find security flaws before they are deployed to production and download compliance reports to share with auditors and stakeholders.
Accelerate the time it takes to find and fix PHP vulnerabilities
Streamline your vulnerability management process and track how long it takes to remediate vulnerabilities in your PHP applications, so you can improve your time-to-fix. Intruder's comprehensive, easy-to-understand remediation advice helps developers fix the issues. Quickly run remediation scans to verify whether you have successfully fixed a specific PHP vulnerability.
Manual testing for PHP vulnerabilities and more
An automated PHP security scanner can help you identify many known vulnerabilities in your web apps, but manual testing can uncover more. With Intruder's continuous penetration testing service, our experienced penetration testers can check for issues that are not detectable by scanners.
Dynamic Application Security Testing (DAST) is a method of cyber security testing in which a running application is actively tested and probed using real traffic and requests. This type of testing evaluates the application from the “outside in”, probing it as an attacker would, to find any security vulnerabilities.
DAST contrasts with Static Application Security Testing (SAST), which performs “offline” static code analysis from the inside. SAST tools scan the original source code, while DAST scans the actual web application itself, which should include any APIs or web services your web application connects to.
As such, SAST is done earlier in the software development lifecycle shortly after PHP code is written, while DAST is conducted later in the development lifecycle once there’s a working web application running in a test environment, or even on production code.
Yes, you can! Learn all about how to scan SPAs with Intruder here.
PHP vulnerability scanners ‘crawl’ through a web application much as a search engine would, sending a range of probes to each page they find to look for security vulnerabilities.
Intruder’s PHP scanner is a Dynamic Application Security Testing (DAST) tool, which means it tests the running application and requires no access to the source code.
To start scanning for vulnerabilities, all you need to provide is your web application’s IP address or URL.
Intruder performs 75+ checks for application issues, including OWASP Top 10 vulnerabilities such as SQL injection and XSS, and 140,000+ infrastructure checks, including unintentionally exposed systems, information leakage, and missing patches.
The most comprehensive option for finding vulnerabilities in PHP applications is our Application License.
Our Application License is available across all our plans (Essential, Pro, Premium, and Vanguard).
Yes, you can carry out authenticated application scans using Intruder. This includes web apps, APIs, and single page applications (SPAs).
Our team of experienced penetration testers will seek to identify serious weaknesses in your external targets, such as vulnerabilities in your PHP applications that are undetectable by scanners. Continuous penetration testing is a bolt-on service available to Premium users and is sold and booked by the day.