Static Detection of Security Vulnerabilities in Scripting Languages

Summary: Static Detection of Security Vulnerabilities in Scripting Languages
Yichen Xie, Alex Aiken
Computer Science Department, Stanford University, Stanford, CA 94305

We present a static analysis algorithm for detecting security vulnerabilities in PHP, a popular server-side scripting language for building web applications. Our analysis employs a novel three-tier architecture to capture information at decreasing levels of granularity at the intrablock, intraprocedural, and interprocedural level. This architecture enables us to handle dynamic features of scripting languages that have not been adequately addressed by previous techniques.

We demonstrate the effectiveness of our approach on six popular open source PHP code bases, finding 105 previously unknown security vulnerabilities, most of which


Source: Aiken, Alex - Department of Computer Science, Stanford University


Collections: Computer Technologies and Information Sciences