Title :
A New Framework of Security Vulnerabilities Detection in PHP Web Application
Author :
Zhao Jingling;Gong Rulin
Author_Institution :
Nat. Eng. Lab. for Mobile Network Security, Beijing Univ. of Posts &
Date :
7/1/2015 12:00:00 AM
Abstract :
Nowadays, Web applications provide most Internet services and also give rise to more and more new types of Internet applications. However, depending on the developers' programming techniques and safety awareness, many kinds of Web application security flaws and vulnerabilities hide in the program, so it is very important to improve their reliability and security. Usually, people use code review based on static or dynamic analysis to detect security vulnerabilities, but each method has shortcomings that cannot be overcome easily, which can result in a large number of false positives and omissions. To address this issue, this paper proposes a new framework for detecting security vulnerabilities in PHP web applications. In this framework, we combine dynamic and static analysis to make full use of the advantages of both and greatly improve the efficiency of detection. An implementation based on this framework has also been completed and is presented in the paper.
Keywords :
"Uniform resource locators","Security","Indexes","Testing","Data structures","Virtual machining"
Conference_Title :
Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2015 9th International Conference on
DOI :
10.1109/IMIS.2015.42