A New Framework of Security Vulnerabilities Detection in PHP Web Application

Bibliographic details
Published in: 2015 9th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, pp. 271-276
Main authors: Zhao, Jingling, Gong, Rulin
Format: Conference paper
Language: English
Published: IEEE 01.07.2015
Description
Summary: Nowadays, Web applications provide us with most of the Internet services, but also give birth to more and more new types of Internet applications. However, according to the developers' programming techniques and safety awareness, there are many kinds of Web application security flaws and vulnerabilities hiding in the program. So it is very important to improve their reliability and security. Usually people use code review based on static or dynamic analysis to detect security vulnerabilities, but each method has shortcomings that cannot be overcome easily, which can result in a large number of false positives and omissions. To address this issue, this paper proposed a new framework for detecting security vulnerabilities in PHP web applications. In this framework, we combine dynamic and static analysis to make full use of the advantages of the two and greatly improve the efficiency of detection. An implementation based on this framework has also been completed and it will also be presented in the paper.
DOI: 10.1109/IMIS.2015.42