Static Detection of Security Vulnerabilities in Scripting Languages
 

Summary: Static Detection of Security Vulnerabilities in Scripting Languages

Yichen Xie, Alex Aiken
Computer Science Department
Stanford University
Stanford, CA 94305
{yxie,aiken}@cs.stanford.edu

Abstract

We present a static analysis algorithm for detecting security vulnerabilities in PHP, a popular server-side scripting language for building web applications. Our analysis employs a novel three-tier architecture to capture information at decreasing levels of granularity at the intrablock, intraprocedural, and interprocedural level. This architecture enables us to handle dynamic features of scripting languages that have not been adequately addressed by previous techniques.

We demonstrate the effectiveness of our approach on six popular open source PHP code bases, finding 105 previously unknown security vulnerabilities, most of which

  

Source: Aiken, Alex - Department of Computer Science, Stanford University

 

Collections: Computer Technologies and Information Sciences