• DocumentCode
    3506533
  • Title
    An Empirical Study of the Evolution of PHP Web Application Security
  • Author
    Doyle, Maureen ; Walden, James
  • Author_Institution
    Dept. of Comput. Sci., Northern Kentucky Univ., Highland Heights, KY, USA
  • fYear
    2011
  • fDate
    21-21 Sept. 2011
  • Firstpage
    11
  • Lastpage
    20
  • Abstract
    Web applications are increasingly subject to mass attacks, with vulnerabilities found easily in both open source and commercial applications, as evinced by the fact that approximately half of reported vulnerabilities are found in web applications. In this paper, we perform an empirical investigation of the evolution of vulnerabilities in fourteen of the most widely used open source PHP web applications, finding that vulnerability densities declined from 28.12 to 19.96 vulnerabilities per thousand lines of code from 2006 to 2010. We also investigate whether complexity metrics or a security resources indicator (SRI) metric can be used to identify vulnerable web applications, showing that average cyclomatic complexity is an effective predictor of vulnerability for several applications, especially for those with low SRI scores.
  • Keywords
    Internet; security of data; PHP Web application security; average cyclomatic complexity; complexity metrics; mass attacks; security resources indicator metric; vulnerabilities densities; Aggregates; Complexity theory; Encyclopedias; Security; Software; Software measurement; code complexity; security metrics; software security; static analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security Measurements and Metrics (Metrisec), 2011 Third International Workshop on
  • Conference_Location
    Banff, AB
  • Print_ISBN
    978-1-4673-1245-5
  • Type
    conf
  • DOI
    10.1109/Metrisec.2011.18
  • Filename
    6165758