Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Sound and precise analysis of web applications for injection vulnerabilities
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Runtime instrumentation for precise flow-sensitive type analysis
RV'10 Proceedings of the First international conference on Runtime verification
Hi-index | 0.00 |
We present Phantm, a static analyzer that uses a flow-sensitive analysis to detect type errors in PHP applications. Phantm can infer types for nested arrays, and can leverage runtime information and procedure summaries for more precise results. Phantm found over 200 true problems when applied to three applications with over 50'000 lines of code, including the popular DokuWiki code base.