Over the weekend I was looking at a bit of PHP code on a Mambo site and discovered this little tool for download. While I would absolutely agree with myself that I'm not the best PHP coder you will run across, I was interested to discover this little solution. It is definitely true that languages such as PHP are more difficult to assess automatically, because they require more manual intervention. Anyway... introducing Pixy.
[Blatant Rip] Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed at the detection of XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability.
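To make the idea concrete, here is an added illustration (not Pixy's code, and far simpler than its analysis) of the kind of source-to-sink check such a tool performs: a small Python taint tracker over a constructed, straight-line PHP fragment, flagging user input that reaches an output or query sink without passing through a sanitising call.

```python
import re

# Constructed PHP fragment (not from the page): two tainted inputs,
# one sanitised before output, one concatenated into a query.
SAMPLE_PHP = """
$name = $_GET['name'];
$safe = htmlspecialchars($name);
$id = $_POST['id'];
echo $safe;
echo $name;
$q = "SELECT * FROM users WHERE id = " . $id;
mysql_query($q);
"""

SOURCES = re.compile(r"\$_(GET|POST|COOKIE|REQUEST)\b")        # user-controlled input
SANITISERS = {"htmlspecialchars", "intval", "mysql_real_escape_string"}
SINKS = {"echo": "XSS", "print": "XSS", "mysql_query": "SQL injection"}

def analyse(php):
    """Return (line, vuln_class, variable) for each tainted variable that reaches a sink."""
    tainted = set()
    findings = []
    for lineno, raw in enumerate(php.strip().splitlines(), 1):
        line = raw.strip().rstrip(";")
        assign = re.match(r"\$(\w+)\s*=(?!=)\s*(.*)", line)
        if assign:
            var, rhs = assign.group(1), assign.group(2)
            call = re.match(r"(\w+)\s*\(", rhs)
            used = re.findall(r"\$(\w+)", rhs)
            if call and call.group(1) in SANITISERS:
                tainted.discard(var)          # sanitiser output is treated as clean
            elif SOURCES.search(rhs) or any(v in tainted for v in used):
                tainted.add(var)              # taint propagates through assignment/concat
            else:
                tainted.discard(var)          # overwritten with a clean value
            continue
        sink = re.match(r"(\w+)\b\s*\(?(.*)", line)
        if sink and sink.group(1) in SINKS:
            for v in re.findall(r"\$(\w+)", sink.group(2)):
                if v in tainted:
                    findings.append((lineno, SINKS[sink.group(1)], v))
    return findings

if __name__ == "__main__":
    for lineno, kind, var in analyse(SAMPLE_PHP):
        print(f"line {lineno}: possible {kind} via ${var}")
```

The tracker ignores control flow, aliasing and string-literal contents, which is exactly the ground a real analyser such as Pixy has to cover to avoid false negatives and false positives.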