A Static Analyzer for PHP Web Applications
Date Issued
2008
Date
2008
Author(s)
Chung, Chen-I
Abstract
The number and importance of Web applications have grown rapidly in recent years, as more and more services and business activities are accomplished through these applications. Consequently, Web applications have become the targets of security attacks. Although several mechanisms, such as firewalls and connection encryption, have been developed to solve the problem, they cannot eliminate Web application vulnerabilities because the vulnerabilities are inherent in Web application programs. According to statistics published by OWASP, there are many kinds of Web application vulnerabilities, and the number is growing continuously. Program analysis techniques can be used to solve these problems. Both static and dynamic approaches have been proposed to detect or prevent vulnerabilities. In this thesis, we focus on static analysis of programs, where the analysis is performed without actually executing the programs. We believe that eliminating vulnerabilities during the program development stage is a relatively cost-effective method. To this end, we review several recently proposed static analysis algorithms for Web applications and summarize their pros and cons. The approaches focus on the analysis of PHP Web applications; however, there are still some issues that have not been considered, e.g., alias analysis of PHP variable variables and arrays with string indices. Performing static analysis without considering these issues may generate some false negatives or false positives. We design an algorithm to solve these problems and implement it in our static analyzer, which first translates PHP programs into an intermediate representation. We chose CIL as the intermediate language, which helped us perform program analysis by clarifying ambiguous constructs and removing redundant constructors. We review the language features of PHP and propose a precise semantic conversion to CIL.
In addition, we devise some data structures and auxiliary functions to ensure that the semantics are as precise as possible. The conversion not only represents PHP in CIL, but also clarifies the types of PHP variables. We also implement a taint dataflow analysis on CIL that can handle the alias relationships of PHP variable variables and arrays with string indices correctly. Many tools yield a false positive or false negative result even if a variable variable stores a constant string value. Through our analysis of ten Web applications, we found that some vulnerabilities are caused by variable variables and arrays with string indices.
Subjects
Static Analysis
Dataflow Analysis
Web Applications
PHP Variable Variables
Security Vulnerabilities
Verification
File(s)
Name
ntu-97-R96725006-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):4ed2595f4faa60a3d5784d1cf6b55b92
