Vulnerability Analysis and Development of Secure Coding Rules for PHP
PHP 보안 취약점 분석과 시큐어 코딩 규칙 개발

KyungSook Han, Wooyeol Park, Ilgwon Yang, Changhwan Son, Changwoo Pyo
2015 KIISE Transactions on Computing Practices  
This paper presents secure coding rules for PHP programs. Programmers should comply with these rules while developing their programs. The rules are crafted to restrain 28 weaknesses, composed of 22 corresponding to reported CVEs of PHP, the children of CWE-661 for PHP, and the top 5 weaknesses according to OWASP. The rule set consists of 28 detailed rules under 14 categories. This paper also demonstrates through examples that programs complying with these rules can curb weaknesses. The rules can also serve as a guideline in developing analysis tools for security purposes.
doi:10.5626/ktcp.2015.21.11.721 fatcat:ufrxvjrqfffa3jfxjjzzwmtgci