Title :
Static Detection of Un-Trusted Variables in PHP Web Applications
Author :
Shushen, P. ; Gu Qing ; Chen Daoxu
Author_Institution :
Dept. of Comput. Sci. & Technol., Nanjing Univ., Nanjing
Abstract :
Web applications support more and more of our daily activities; it's important to improve their reliability and security. The content which users input to Web applications' server-side is named un-trusted content. Un-trusted content has a significant impact on the reliability and security of Web applications, so detecting the un-trusted variables in server-side programs is important for improving the quality of Web applications. The previous methods have poor performance on weakly typed and non-typed server-side programs. To address this issue, this paper proposed a new technique for detecting un-trusted variables in PHP web applications (PHP is a weakly typed server-side language). The technique is based upon a two-phase static analysis algorithm. In the first phase, we extract modules from the Web application. Then un-trusted variables are detected from modules in the second phase. An implementation of the proposed technique, DUVP, was also presented in the paper and it's successfully applied to detect un-trusted variables in large-scale PHP web application.
Keywords :
Internet; program diagnostics; security of data; PHP Web application security; server-side program; static analysis algorithm; static un-trusted variable detection; Algorithm design and analysis; Application software; Computer science; Computer security; Laboratories; Large-scale systems; Performance analysis; Phase detection; Prototypes; Testing;
Conference_Title :
E-Business and Information System Security, 2009. EBISS '09. International Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-2909-7
Electronic_ISBN :
978-1-4244-2910-3
DOI :
10.1109/EBISS.2009.5138078