Algorithms for Guided Tree Automata
WIA '96 Revised Papers from the First International Workshop on Implementing Automata
CAV '00 Proceedings of the 12th International Conference on Computer Aided Verification
Static Analysis of XML Transformations in Java
IEEE Transactions on Software Engineering
Static Checking of Dynamically Generated Queries in Database Applications
Proceedings of the 26th International Conference on Software Engineering
Static approximation of dynamically generated Web pages
WWW '05 Proceedings of the 14th international conference on World Wide Web
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
String analysis for x86 binaries
PASTE '05 Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Sound and precise analysis of web applications for injection vulnerabilities
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Static detection of security vulnerabilities in scripting languages
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
A Static Analysis Framework For Detecting SQL Injection Vulnerabilities
COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 01
Abstracting Symbolic Execution with String Analysis
TAICPART-MUTATION '07 Proceedings of the Testing: Academic and Industrial Conference Practice and Research Techniques - MUTATION
Ambiguity in Graphs and Expressions
IEEE Transactions on Computers
Static detection of cross-site scripting vulnerabilities
Proceedings of the 30th international conference on Software engineering
Dynamic test input generation for web applications
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Symbolic String Verification: An Automata-Based Approach
SPIN '08 Proceedings of the 15th international workshop on Model Checking Software
Path Feasibility Analysis for String-Manipulating Programs
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
A decision procedure for subset constraints over regular languages
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
HAMPI: a solver for string constraints
Proceedings of the eighteenth international symposium on Software testing and analysis
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
A Symbolic Execution Framework for JavaScript
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Patching vulnerabilities with sanitization synthesis
Proceedings of the 33rd International Conference on Software Engineering
Path- and index-sensitive string analysis based on monadic second-order logic
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Fast and precise sanitizer analysis with BEK
SEC'11 Proceedings of the 20th USENIX conference on Security
String abstractions for string verification
Proceedings of the 18th international SPIN conference on Model checking software
Symbolic finite state transducers: algorithms and applications
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A practical string analyzer by the widening approach
APLAS'06 Proceedings of the 4th Asian conference on Programming Languages and Systems
STRANGER: an automata-based string analysis tool for PHP
TACAS'10 Proceedings of the 16th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Symbolic automata: the toolkit
TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Verifying client-side input validation functions using string analysis
Proceedings of the 34th International Conference on Software Engineering
| Hi-index | 0.00 |
Verifying string manipulating programs is a crucial problem in computer security. String operations are used extensively within web applications to manipulate user input, and their erroneous use is the most common cause of security vulnerabilities in web applications. We present an automata-based approach for symbolic analysis of string manipulating programs. We use deterministic finite automata (DFAs) to represent possible values of string variables. Using forward reachability analysis we compute an over-approximation of all possible values that string variables can take at each program point. Intersecting these with a given attack pattern yields the potential attack strings if the program is vulnerable. Based on the presented techniques, we have implemented Stranger, an automata-based string analysis tool for detecting string-related security vulnerabilities in PHP applications. We evaluated Stranger on several open-source Web applications including one with 350,000+ lines of code. Stranger is able to detect known/unknown vulnerabilities, and, after inserting proper sanitization routines, prove the absence of vulnerabilities with respect to given attack patterns.