An empirical study of the reliability of UNIX utilities
Communications of the ACM
Using Programmer-Written Compiler Extensions to Catch Security Holes
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Static detection of security vulnerabilities in scripting languages
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
| Hi-index | 0.00 |
In this paper we describe the THAPS vulnerability scanner for PHP web applications. THAPS is based on symbolic execution of PHP with specialised support for scanning extensions and plug-ins of larger application frameworks. We further show how THAPS can integrate the results of dynamic analyses, generated by a customised web crawler, into the static analysis. This enables analysis of often used advanced dynamic features such as dynamic code load and reflection. To the best of our knowledge, THAPS is the first tool to apply this approach and the first tool with specific support for analysis of plug-ins. In order to verify our approach, we have scanned 375 WordPress plug-ins and a commercial (monolithic) web application, resulting in 68 and 28 confirmed vulnerabilities respectively.