Pixy: XSS and SQLI Scanner for PHP Programs

Documentation

More information about how to use Pixy and how it works internally can be found here:

Quick Start

If you want to learn how to use Pixy in a minute, go to the Quick Start Page.

Tutorial

If you have mastered the quick-start basics, you might want to learn more in our Tutorial. It currently consists of the following parts:

Publications

Parts of Pixy have also been documented in the following scientific papers:

Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper).
Nenad Jovanovic, Christopher Kruegel, and Engin Kirda.
2006 IEEE Symposium on Security and Privacy, Oakland, CA, May 2006.

Precise Alias Analysis for Static Detection of Web Application Vulnerabilities
Nenad Jovanovic, Christopher Kruegel, and Engin Kirda.
ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Ottawa, Canada, June 2006.



International Secure Systems Lab