Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
PLDI
2006
ACM
2006
ACM
Precise alias analysis for static detection of web application vulnerabilities
The number and the importance of web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, errorprone and costly, the need for automated solutions has become evident. In this paper, we address the problem of vulnerable web applications by means of static source code analysis. To this end, we present a novel, precise alias analysis targeted at the unique reference semantics commonly found in scripting languages. Moreover, we enhance the quality and quantity of the generated vulnerability reports by employing a novel, iterative two-phase algorithm for fast and precise resolution of file inclusions. We integrated the presented concepts into Pixy [14], a highprecision static analysis tool aimed at detecting cross-site scripting vulnerabilities in PHP scripts. To demonstrate the effectiveness of our techniques, we analyzed three we...
Real-time TrafficRelated Content
| Added | 14 Jun 2010 |
| Updated | 14 Jun 2010 |
| Type | Conference |
| Year | 2006 |
| Where | PLDI |
| Authors | Nenad Jovanovic, Christopher Kruegel, Engin Kirda |
Comments (0)
Researcher Info
|
