On Security Analysis of PHP Web Applications

David Hauzar, Jan Kofron
2012 2012 IEEE 36th Annual Computer Software and Applications Conference Workshops  
In recent years, focus of business world has been moved towards the Internet. Web applications provide a generous interface non-stop thus offering to malicious users a wide spectrum of possible attacks. Consequently, the security of web applications has become a crucial issue. The state-of-the-art tools for bug discovery in languages used for web-application development, such as PHP, suffer from a relatively high false-positive rate and low coverage of real errors; this is caused mainly by
more » ... cise modeling of dynamic features of such languages and path-insensivity of the tools. In this paper, we will demonstrate weak points of the tools and describe our novel approach to these issues. We will show how our technique handles some of the situations where other tools fail and illustrate it on examples.
doi:10.1109/compsacw.2012.106 dblp:conf/compsac/HauzarK12 fatcat:yx64bkoxwjasthf2swvqwgb5me