TOC Why configuration? The configuration file is used to configure the security-analysis within php-sat. It contains information about three things: Which variables ...

A sensitive sink is every construct/function that can cause a vulnerability when it is given TaintedData as a parameter. The following constructs are listed as a SensitiveSink ...

Any data that comes from outside the script should be considered tainted data. This includes user-input, database-results, file-system data or anything else that is ...